5 matches found
Astra Linux – Vulnerabilities in Firefox, Thunderbird, and Expat
In libexpat before version 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...
CLSA-2026-1770732201 Fix CVE(s): CVE-2026-24515
SECURITY UPDATE: XMLExternalEntityParserCreate failure to copy the encoding handler data can cause a NULL dereference. - debian/patches/CVE-2026-24515.patch: Make XMLExternalEntityParserCreate copy unknown encoding handler user data - CVE-2026-24515...
expat -- multiple vulnerabilities
expat team reports: Update contains 2 security fixes: CVE-2026-24515: NULL dereference in function XMLExternalEntityParserCreate CVE-2026-25210: missing check for integer overflow in function doContent...
ALPINE-CVE-2026-24515
In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...
SUSE CVE-2022-43680
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memory situations...