🔎 CVE-2025-59375: HIGH severity in libexpat (<2.7.2) — attackers can remotely exhaust system memory via crafted small XML docs, causing DoS. Patch to 2.7.2+ or mitigate with input controls. https://radar.offseq.com/threat/cve-2025-59375-cwe-770-allocation-of-resources-wit-82d0797d #OffSeq #Vuln #libexpat #InfoSec
Welcome to Expat! · Expat XML parser

Hartwork Blog · Recursion kills: The story behind CVE-2024-8176 / Expat 2.7.0 released, includes security fixes

There are several security vulnerabilities in #XAMPP (#Apache #ApacheHTTPd #PHP #Perl #MySQL #MariaDB #OpenSSL #phpMyAdmin #Curl #Tomcat #libexpat). I have made the official announcement, please share! (#ApacheFriends #Bitrock #Bitnami #VMware #Broadcom) https://github.com/Neustradamus/xampp
GitHub - Neustradamus/xampp: XAMPP is not secure

Oh, my! https://libexpat.github.io/doc/users/ yes, many of these projects are insignificant or obsolete, but what remains! If these got broken! Oh, sh*! #FLOSS #libexpat #SBOM #vulnerability #XML
Software using Expat · Expat XML parser

Unpopular opinion: If your hobby is responsible for running the modern world, you deserve to be paid a living wage for running it.

#xz #expat #libexpat

Any experienced C developers among my followers? #BoostsWelcome.

Expat, arguably the world's most popular #XML parser, is understaffed and without funding. As #xz has shown, situations like this are dangerous.

Last month, maintainer Sebastian Pipping put up a plea for help at https://github.com/libexpat/libexpat/blob/R_2_6_2/expat/Changes

(I would help myself, but my C skills barely surpass "Hello, World".)

Found via @timbray - https://cosocial.ca/@timbray/112203547801373427

#libexpat
#SoftwareSupplyChainSecurity #OpenSource #OpenSourceMaintainer
#C

libexpat/expat/Changes at R_2_6_2 · libexpat/libexpat

Counter-example: they found a UAF and fixed the UAF, rather than "papering over" the bug with a quarantine.

OpenBSD 7.1 errata 010, September 23, 2022:

In libexpat fix heap use-after-free vulnerability CVE-2022-40674.

#security #c #uaf #libexpat

P.S. All #OpenBSD users have a good reason to run syspatch.

A security vulnerability in the Expat library for processing XML could be used by attackers to break into vulnerable systems.
XML parser Expat allows attackers to inject malicious code

heise online