32 matches found
SUSE-SU-2026:1817-1 Security update for mozjs60
This update for mozjs60 fixes the following issues - CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259728. - CVE-2026-32777: libexpat: denial of service due to infinite loop in DTD content parsing...
Unity Linux 20.1070e Security Update: expat (UTSA-2026-016799)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016799 advisory. libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition. Tenable has extracted the...
SUSE-SU-2026:1742-1 Security update for mozjs52
This update for mozjs52 fixes the following issues - CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259728. - CVE-2026-32777: libexpat: denial of service due to infinite loop in DTD content parsing...
OPENSUSE-SU-2026:20674-1 Security update for mozjs128
This update for mozjs128 fixes the following issues: - CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259728. - CVE-2026-32777: libexpat: denial of service due to infinite loop in DTD content parsing...
SUSE-SU-2026:21545-1 Security update for mozjs128
This update for mozjs128 fixes the following issues: - CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259728. - CVE-2026-32777: libexpat: denial of service due to infinite loop in DTD content parsing...
JLSEC-2026-383
libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition...
SUSE-SU-2026:1352-1 Security update for expat
This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing bsc1259711. - CVE-2026-3277...
SUSE-SU-2026:21031-1 Security update for expat
This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing bsc1259711. - CVE-2026-3277...
Security update for expat (important)
openSUSE security update: security update for expat ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20448-1 Rating: important References: bsc1259711 bsc1259726 bsc1259729 Cross-References: CVE-2026-32776 CVE-2026-32777 CVE-2026-32778 CVSS scores:...
Medium: thunderbird
Issue Overview: A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL pointer dereference, causing the application to crash and resulting in a Denial of Service...
Amazon Linux 2023 : firefox (ALAS2023-2026-1518)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1518 advisory. A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL...
SUSE-SU-2026:20963-1 Security update for expat
This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing bsc1259711. - CVE-2026-3277...
SUSE-SU-2026:1137-1 Security update for expat
This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing bsc1259711. - CVE-2026-3277...
CLSA-2026-1774611572 expat: Fix of CVE-2026-32778
CVE-2026-32778: fix NULL pointer dereference in setContext on retry after earlier out-of-memory...
CLSA-2026-1774605210 expat: Fix of 2 CVEs
CVE-2026-32777: fix infinite loop while parsing DTD content - CVE-2026-32778: fix NULL pointer dereference in setContext on retry after OOM...
SUSE CVE-2026-32778
libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition...
EUVD-2026-12351
libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition...
CVE-2026-32778
libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition...
CVE-2026-32778
libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition...
ALPINE-CVE-2026-32778
libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition...