CVE-2025-59375

Опубликовано: 15 сент. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

Ссылки

https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74
Product
https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes
Product
https://github.com/libexpat/libexpat/issues/1018
Exploit
Issue Tracking
https://github.com/libexpat/libexpat/pull/1034
Issue Tracking
https://issues.oss-fuzz.com/issues/439133977
Exploit
Issue Tracking
http://www.openwall.com/lists/oss-security/2025/09/16/2

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*

Версия до 2.7.2 (исключая)

EPSS

Процентиль: 16%

0.00051

Низкий

7.5 High

CVSS3

Дефекты

CWE-770

Связанные уязвимости

CVE-2025-59375

CVSS3: 7.5

ubuntu

7 месяцев назад

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

CVE-2025-59375

CVSS3: 5.3

redhat

7 месяцев назад

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

CVE-2025-59375

CVSS3: 7.5

msrc

7 месяцев назад

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

CVE-2025-59375

CVSS3: 7.5

debian

7 месяцев назад

libexpat in Expat before 2.7.2 allows attackers to trigger large dynam ...

openSUSE-SU-2025:20055-1

suse-cvrf

4 месяца назад

Security update for expat

EPSS

Процентиль: 16%

0.00051

Низкий

7.5 High

CVSS3

Дефекты

CWE-770