oss-sec mailing list archives

libexpat 2.7.5 fixes three vulnerabilities (2x null deref, 1x infinite loop)


From: Sebastian Pipping <sebastian () pipping org>
Date: Tue, 17 Mar 2026 21:48:34 +0100

Hello oss-security,


just a quick note that libexpat 2.7.5 (or "Expat 2.7.5") released
today is fixing three vulnerabilities.

Some key links are:

- The blog post about it:
  https://blog.hartwork.org/posts/expat-2-7-5-released/

- The change log of release 2.7.5
  https://github.com/libexpat/libexpat/blob/R_2_7_5/expat/Changes

- The fixing pull requests
  - https://github.com/libexpat/libexpat/pull/1158
  - https://github.com/libexpat/libexpat/pull/1162
  - https://github.com/libexpat/libexpat/pull/1163

- The official CVE metadata
  - https://nvd.nist.gov/vuln/detail/CVE-2026-32776
  - https://nvd.nist.gov/vuln/detail/CVE-2026-32777
  - https://nvd.nist.gov/vuln/detail/CVE-2026-32778

Best

Sebastian

