PT-2025-11226 · Libexpat+13

Jann Horn · Published 2025-03-13 · Updated 2026-03-29 · CVE-2024-8176

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Expat versions prior to 2.7.0

Description

Expat is a C library used for parsing XML documents. A stack overflow vulnerability exists due to improper restriction of XML entity expansion depth. This can occur when processing XML documents with deeply nested entity references, potentially leading to a denial of service (DoS) or, in some cases, exploitable memory corruption.

Recommendations

Update to Expat version 2.7.0 or later.

Fix · DoS · Stack Overflow · Uncontrolled Recursion

Weakness Enumeration

Related Identifiers

ALSA-2025:3531
ALSA-2025:3913
ALSA-2025:4048
ALSA-2025:7444
ALSA-2025:7512
AZL-58641
AZL-58671
BDU:2025-04573
CESA-2025_3913
CESA-2025_4048
CVE-2024-8176
ECHO-D644-956D-FA05
INFSA-2025_3531
INFSA-2025_3913
INFSA-2025_4048
INFSA-2025_7444
MGASA-2025-0109
MGASA-2025-0240
OESA-2025-2564
OESA-2025-2565
OESA-2025-2672
OESA-2025-2673
OESA-2025-2674
OPENSUSE-SU-2025:14952-1
OPENSUSE-SU-2025_1201-1
RHSA-2025:22033
RHSA-2025:22034
RHSA-2025:3531
RHSA-2025:3913
RHSA-2025:4048
RHSA-2025:4446
RHSA-2025:4447
RHSA-2025:4448
RHSA-2025:4449
RHSA-2025:7444
RHSA-2025:7512
RHSA-2025_3531
RHSA-2025_3913
RHSA-2025_4048
RHSA-2025_7444
SUSE-SU-2025:03239-1
SUSE-SU-2025:1186-1
SUSE-SU-2025:1201-1
SUSE-SU-2025:1295-1
SUSE-SU-2025:20207-1
SUSE-SU-2025:20311-1
SUSE-SU-2025_03239-1
SUSE-SU-2025_1186-1
SUSE-SU-2025_1201-1
SUSE-SU-2025_1295-1
USN-7424-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
IBM AIX
Linux Mint
Apple macOS
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
Libexpat