Security Advisory Description
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). (CVE-2024-28757)
Impact
An attacker may be able to use an XML Entity Expansion attack, consuming all system resources and resulting in a denial-of-service (DoS).