CVE-2026-24515

Опубликовано: 23 янв. 2026

Источник: debian

Описание

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.

Пакет	Статус	Версия исправления	Релиз	Тип
expat	fixed	2.7.3-2		package
expat	no-dsa		trixie	package
expat	no-dsa		bookworm	package
expat	postponed		bullseye	package

https://github.com/libexpat/libexpat/pull/1131
Fixed by: https://github.com/libexpat/libexpat/commit/86fc914a7acc49246d5fde0ab6ed97eb8a0f15f9 (R_2_7_4)
Test case: https://github.com/libexpat/libexpat/commit/8efea3e255d55c7e0a5b70b226f4652ab00e1a27 (R_2_7_4)
Documentation: https://github.com/libexpat/libexpat/commit/3de54af0969418014e9093dd2b41bd712dd9b12e (R_2_7_4)

CVE-2026-24515

CVSS3: 2.9

ubuntu

16 дней назад

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.

CVE-2026-24515

CVSS3: 2.9

nvd

16 дней назад

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.

GHSA-mpwv-4wmh-cvf7

CVSS3: 2.9

github

16 дней назад

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.