Expat XML Parser Security Update: Prevents Data Corruption and Crashes
Summary
This update fixes security issues in the Expat XML parser that could allow attackers to cause data corruption or crashes. These vulnerabilities were identified in the way the parser handled XML files, potentially allowing malicious code to be executed. To stay secure, update your Expat installation to the latest version.
What to do
- Update expat to version 2.7.1-150400.3.34.1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | expat | <= 2.7.1-150400.3.34.1 | 2.7.1-150400.3.34.1 |
Original title
Security update for expat
Original description
This update for expat fixes the following issues:
- CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144)
- CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496)
- https://www.suse.com/support/update/announcement/2026/suse-su-20260826-1/ Vendor Advisory
- https://bugzilla.suse.com/1257144 Third Party Advisory
- https://bugzilla.suse.com/1257496 Third Party Advisory
- https://www.suse.com/security/cve/CVE-2026-24515 URL
- https://www.suse.com/security/cve/CVE-2026-25210 URL
Published: 5 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026