Package "libexpat1"
| Name: |
libexpat1
|
Description: |
XML parsing C library - runtime library
|
| Latest version: |
2.7.1-2ubuntu0.2 |
| Release: |
questing (25.10) |
| Level: |
security |
| Repository: |
main |
| Head package: |
expat |
| Homepage: |
https://libexpat.github.io/ |
Links
Download "libexpat1"
Other versions of "libexpat1" in Questing
Changelog
|
No changelog for deleted or moved packages.
|
|
expat (2.7.1-2ubuntu0.2) questing-security; urgency=medium
* SECURITY UPDATE: Large memory allocation.
- debian/patches/CVE-2025-59375-*: Fix large memory allocation in
expat/lib/xmlparse.c, expat/lib/expat.h, expat/tests/basic_tests.c,
expat/tests/nsalloc_tests.c, expat/xmlwf/xmlwf.c,
expat/xmlwf/xmlwf_helpgen.py, expat/lib/internal.h,
expat/tests/alloc_tests.c, expat/fuzz/xml_lpm_fuzzer.cpp,
expat/fuzz/xml_parse_fuzzer.c, expat/tests/misc_tests.c.
- debian/libexpat1.symbols: Add new symbols.
- CVE-2025-59375
* SECURITY UPDATE: Null pointer dereference.
- debian/patches/CVE-2026-24515-*: Add oldUnknownEncodingHandlerData and
assignments in expat/lib/xmlparse.c. Add tests in
expat/tests/basic_tests.c.
- CVE-2026-24515
* SECURITY UPDATE: Integer overflow.
- debian/patches/CVE-2026-25210-*: Change bufSize operation and assignment
and add error check in expat/lib/xmlparse.c.
- CVE-2026-25210
-- Hlib Korzhynskyy <email address hidden> Fri, 06 Feb 2026 11:45:02 -0330
|
| CVE-2025-59375 |
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. |
| CVE-2026-24515 |
In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. |
| CVE-2026-25210 |
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for t |
|
About
-
Send Feedback to @ubuntu_updates
