INFSA-2025:19403: expat security update
Information about definition
Identifier: INFSA-2025:19403
Type: security
Release date: 2025-11-07 21:17:58 UTC
Information about package
Expat is a C library for parsing XML documents.
Vulnerabilities description
- CVE-2025-59375
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
| NIST — CVE-2025-59375 | no information | 5.3 | no information |
Updated packages