VYPR

rpm package

suse/expat&distro=SUSE Linux Enterprise Module for Basesystem 15 SP6

pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6

Vulnerabilities (6)

  • CVE-2025-59375HigSep 15, 2025
    affected < 2.7.1-150400.3.31.1fixed 2.7.1-150400.3.31.1

    libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

  • CVE-2024-8176HigMar 14, 2025
    affected < 2.7.1-150400.3.28.1fixed 2.7.1-150400.3.28.1

    A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and c

  • CVE-2024-50602Oct 27, 2024
    affected < 2.4.4-150400.3.25.1fixed 2.4.4-150400.3.25.1

    An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.

  • CVE-2024-45492CriAug 30, 2024
    affected < 2.4.4-150400.3.22.1fixed 2.4.4-150400.3.22.1

    An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

  • CVE-2024-45491CriAug 30, 2024
    affected < 2.4.4-150400.3.22.1fixed 2.4.4-150400.3.22.1

    An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

  • CVE-2024-45490HigAug 30, 2024
    affected < 2.4.4-150400.3.22.1fixed 2.4.4-150400.3.22.1

    An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.