CNNVD-202509-2278 Information

CNNVD ID

CNNVD-202509-2278

CVE-2025-59375

  • CNNVD Published: 2025-09-15

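Description (translated from Chinese)

Expat is a fast streaming XML parser from the Expat open-source project. Versions of Expat before 2.7.2 contain a security vulnerability that stems from the fact that parsing a small document can trigger a large amount of dynamic memory allocation.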

Description (English)

Expat is a fast streaming XML parser from the Expat open-source project. Versions before Expat 2.7.2 contain a security vulnerability: parsing a small document may trigger large dynamic memory allocations.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Explosion

Published

2025-09-15

Last Modified

2026-02-24

References

  • https://github.com/libexpat/libexpat/pull/1034
  • https://github.com/libexpat/libexpat/issues/1018
  • https://issues.oss-fuzz.com/issues/439133977
  • https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74
  • https://www.oracle.com/security-alerts/cpuoct2025.html
  • https://vigilance.fr/vulnerability/libexpat-overload-via-Dynamic-Memory-Allocation-48250
  • https://www.oracle.com/security-alerts/cpujan2026.html
