CVE-2026-32777

Опубликовано: 16 мар. 2026

Источник: debian

Описание

libexpat before 2.7.5 allows an infinite loop while parsing DTD content.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
expat	fixed	2.7.5-1		package

Примечания

https://github.com/libexpat/libexpat/issues/1161
https://github.com/libexpat/libexpat/pull/1162
Fixed by: https://github.com/libexpat/libexpat/commit/55cda8c7125986e17d7e1825cba413bd94a35d02
Test: https://github.com/libexpat/libexpat/commit/a7805c1a8a48d2ce83ef289cf55bdc8b45de76a8

Связанные уязвимости

CVE-2026-32777

CVSS3: 4

ubuntu

10 дней назад

libexpat before 2.7.5 allows an infinite loop while parsing DTD content.

CVE-2026-32777

CVSS3: 4

redhat

11 дней назад

A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted Document Type Definition (DTD) content. This could lead to an infinite loop during parsing, resulting in a Denial of Service (DoS) for the application using libexpat.

CVE-2026-32777

CVSS3: 4

nvd

10 дней назад

libexpat before 2.7.5 allows an infinite loop while parsing DTD content.

CVE-2026-32777

msrc

10 дней назад

Описание отсутствует

GHSA-9rpf-mhcj-gv7r

CVSS3: 4

github

10 дней назад

libexpat before 2.7.5 allows an infinite loop while parsing DTD content.