9 matches found
RHEL 10 : python3.12 (RHSA-2026:19064)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19064 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...
Important: expat security update
Expat is a C library for parsing XML documents. Security Fixes: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375 For more details about the security issues, including the impact, a CVSS score,...
JLSEC-2025-62 An issue was discovered in libexpat before 2.6.3
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XMLParseBuffer...
SUSE SLED15 / SLES15 Security Update : expat (SUSE-SU-2025:03508-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03508-1 advisory. - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations ...
USN-7145-1 expat vulnerability
It was discovered that Expat did not properly handle its internal state when attempting to resume an unstarted parser. An attacker could use this issue to cause a denial of service application crash...
expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...
expat: Integer overflow in storeRawNames()
An integer overflow was found in expat. The issue occurs in storeRawNames by abusing the mbuffer expansion logic to allow allocations very close to INTMAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution...
expat: Integer overflow in addBinding in xmlparse.c
expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability confidentiality a...
expat: Integer overflow in storeRawNames()
An integer overflow was found in expat. The issue occurs in storeRawNames by abusing the mbuffer expansion logic to allow allocations very close to INTMAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution...