oss-sec mailing list archives

libexpat 2.7.2 fixes CVE-2025-59375 (DoS, CWE-770)


From: Sebastian Pipping <sebastian () pipping org>
Date: Tue, 16 Sep 2025 22:47:49 +0200

Hello oss-security,


just a quick note that libexpat 2.7.2 (or "Expat 2.7.2") released
today is fixing CVE-2025-59375: denial of service through forced
extensive use of dynamic memory despite small parser input.

Some key links are:

- The change log of release 2.7.2
  https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes

- The ClusterFuzz finding, its payload and analysis
  https://github.com/libexpat/libexpat/issues/1018

- The fixing pull request
  https://github.com/libexpat/libexpat/pull/1034

- The official CVE metadata
  https://nvd.nist.gov/vuln/detail/CVE-2025-59375

Best



Sebastian
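The practical follow-up to this announcement is confirming that the libexpat a program actually links against is 2.7.2 or newer. The following is an added example, not code from the post above or from the libexpat project. It parses the "expat_X.Y.Z" string that libexpat's real XML_ExpatVersion() returns and compares it against 2.7.2; the USE_EXPAT macro is an assumption of this example (build with `cc -DUSE_EXPAT check.c -lexpat` to query the linked library; without it the block runs on constructed sample strings only).

```c
/* Added example: gate on the first libexpat release that carries the
 * CVE-2025-59375 fix (2.7.2, per the oss-security announcement).
 * Not part of the original post or of libexpat. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef USE_EXPAT            /* assumption of this example: opt-in to the real library */
#include <expat.h>          /* XML_ExpatVersion(), XML_ExpatVersionInfo() are real libexpat APIs */
#endif

/* First release with the fix. */
#define FIXED_MAJOR 2
#define FIXED_MINOR 7
#define FIXED_MICRO 2

/* Parse "expat_2.7.2" (the format XML_ExpatVersion() returns) into three ints.
 * Returns 0 on success, -1 if the string is not exactly in that shape. */
int parse_expat_version(const char *s, int *major, int *minor, int *micro) {
    const char prefix[] = "expat_";
    if (s == NULL || strncmp(s, prefix, sizeof(prefix) - 1) != 0)
        return -1;
    char extra;
    int n = sscanf(s + sizeof(prefix) - 1, "%d.%d.%d%c", major, minor, micro, &extra);
    if (n != 3)                 /* too few fields, or trailing characters (n == 4) */
        return -1;
    if (*major < 0 || *minor < 0 || *micro < 0)
        return -1;
    return 0;
}

/* 1 if (major, minor, micro) is 2.7.2 or newer, else 0. */
int expat_has_cve_2025_59375_fix(int major, int minor, int micro) {
    if (major != FIXED_MAJOR) return major > FIXED_MAJOR;
    if (minor != FIXED_MINOR) return minor > FIXED_MINOR;
    return micro >= FIXED_MICRO;
}

/* Classify a version string: 1 fixed, 0 older than 2.7.2, -1 unparseable. */
int version_string_is_fixed(const char *s) {
    int ma, mi, mc;
    if (parse_expat_version(s, &ma, &mi, &mc) != 0)
        return -1;
    return expat_has_cve_2025_59375_fix(ma, mi, mc);
}

int main(void) {
#ifdef USE_EXPAT
    /* Check the library actually linked at runtime, not the headers compiled against. */
    XML_Expat_Version info = XML_ExpatVersionInfo();
    printf("linked libexpat: %s (%d.%d.%d)\n", XML_ExpatVersion(),
           info.major, info.minor, info.micro);
    if (!expat_has_cve_2025_59375_fix(info.major, info.minor, info.micro)) {
        fprintf(stderr, "libexpat older than 2.7.2: CVE-2025-59375 fix absent\n");
        return EXIT_FAILURE;
    }
#else
    /* Constructed sample strings (not taken from any real system). */
    const char *samples[] = { "expat_2.7.1", "expat_2.7.2", "expat_2.6.4", "expat_3.0.0", "2.7.2" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int r = version_string_is_fixed(samples[i]);
        printf("%-12s %s\n", samples[i],
               r == 1 ? "fixed" : r == 0 ? "NOT fixed" : "unparseable");
    }
#endif
    return EXIT_SUCCESS;
}
```

The comparison is done on the numeric triple rather than with strcmp so that a future 2.10.0 is not mistaken for something older than 2.7.2; anything not in the "expat_X.Y.Z" shape is reported as unparseable rather than silently treated as fixed.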

