CVE-2025-59375

High CVSS: 7.5

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

Vendor

Product

CWE

Yayın Tarihi

2025-09-15 03:15:40

Güncelleme

2025-11-04 22:16:34

Source Identifier

cve@mitre.org

KEV Date Added

CWE-770 Libexpat HIGH Libexpat Project 2025

https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74 https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes https://github.com/libexpat/libexpat/issues/1018 https://github.com/libexpat/libexpat/pull/1034 https://issues.oss-fuzz.com/issues/439133977 http://www.openwall.com/lists/oss-security/2025/09/16/2

Medium

CVE-2026-32776

libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.

Medium

CVE-2026-32777

libexpat before 2.7.5 allows an infinite loop while parsing DTD content.

Low

CVE-2026-32778

libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memo…

Medium

CVE-2026-25210

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no…

Low

CVE-2026-24515

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.

Low

CVE-2025-66382

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing…