oss-sec mailing list archives
libexpat 2.7.4 fixes CVE-2026-24515 and CVE-2026-25210
From: Sebastian Pipping <sebastian () pipping org>
Date: Sat, 31 Jan 2026 14:45:44 +0100
Hello oss-security,

just a quick note that libexpat 2.7.4 (or "Expat 2.7.4") released today is fixing CVE-2026-24515 (NULL pointer de-reference, CWE-476) and CVE-2026-25210 (integer overflow, CWE-190).

Some key links are:

- The change log of release 2.7.4
  https://github.com/libexpat/libexpat/blob/R_2_7_4/expat/Changes

- The fixing pull requests
  - https://github.com/libexpat/libexpat/pull/1131
  - https://github.com/libexpat/libexpat/pull/1075

- The official CVE metadata
  - https://nvd.nist.gov/vuln/detail/CVE-2026-24515
  - https://nvd.nist.gov/vuln/detail/CVE-2026-25210

Best

Sebastian
