VYPR

rpm package

suse/expat&distro=SUSE Linux Micro 6.2

pkg:rpm/suse/expat&distro=SUSE%20Linux%20Micro%206.2

Vulnerabilities (7)

  • CVE-2026-4897MedMar 26, 2026
    affected < 2.7.1-160000.5.1fixed 2.7.1-160000.5.1

    A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of

  • CVE-2026-32778Mar 16, 2026
    affected < 2.7.1-160000.5.1fixed 2.7.1-160000.5.1

    libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.

  • CVE-2026-32777Mar 16, 2026
    affected < 2.7.1-160000.5.1fixed 2.7.1-160000.5.1

    libexpat before 2.7.5 allows an infinite loop while parsing DTD content.

  • CVE-2026-32776Mar 16, 2026
    affected < 2.7.1-160000.5.1fixed 2.7.1-160000.5.1

    libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.

  • CVE-2026-25210MedJan 30, 2026
    affected < 2.7.1-160000.4.1fixed 2.7.1-160000.4.1

    In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.

  • CVE-2026-24515LowJan 23, 2026
    affected < 2.7.1-160000.4.1fixed 2.7.1-160000.4.1

    In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.

  • CVE-2025-59375HigSep 15, 2025
    affected < 2.7.1-160000.3.1fixed 2.7.1-160000.3.1

    libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.