BDU:2025-12925

Уязвимость библиотеки для анализа XML-файлов libexpat, связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2025-59375

Published: 2025-09-15
Modified: 2025-11-04

CVE-2025-59375

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74
https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes
https://github.com/libexpat/libexpat/issues/1018
https://github.com/libexpat/libexpat/pull/1034
https://issues.oss-fuzz.com/issues/439133977
http://www.openwall.com/lists/oss-security/2025/09/16/2

Version: 2.1.2

Package expat update in sisyphus_riscv64 on 2025-10-21

ALT-PU-2025-13331-1

Closed vulnerabilities

BDU:2025-12925

CVE-2025-59375