CVE-2025-59375

Опубликовано: 15 сент. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

Ссылки

https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74
Product
https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes
Product
https://github.com/libexpat/libexpat/issues/1018
Exploit
Issue Tracking
https://github.com/libexpat/libexpat/pull/1034
Issue Tracking
https://issues.oss-fuzz.com/issues/439133977
Exploit
Issue Tracking

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*

Версия до 2.7.2 (исключая)

EPSS

Процентиль: 29%

0.00102

Низкий

7.5 High

CVSS3

Дефекты

CWE-770

Связанные уязвимости

CVE-2025-59375

CVSS3: 7.5

ubuntu

около 2 месяцев назад

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

CVE-2025-59375

CVSS3: 7.5

redhat

около 2 месяцев назад

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

CVE-2025-59375

CVSS3: 7.5

msrc

около 2 месяцев назад

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

CVE-2025-59375

CVSS3: 7.5

debian

около 2 месяцев назад

libexpat in Expat before 2.7.2 allows attackers to trigger large dynam ...

SUSE-SU-2025:03624-1

suse-cvrf

19 дней назад

Security update for expat

EPSS

Процентиль: 29%

0.00102

Низкий

7.5 High

CVSS3

Дефекты

CWE-770