{"id":"JLSEC-2025-173","summary":"libexpat in Expat before 2.7.2 lets attackers trigger large dynamic memory allocations via a small document","details":"libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.","modified":"2025-11-06T23:03:50.965725Z","published":"2025-10-21T14:51:00.329Z","upstream":["CVE-2025-59375"],"database_specific":{"sources":[{"modified":"2025-10-17T19:26:36.673Z","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-59375","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59375","imported":"2025-10-21T14:28:06.192Z","published":"2025-09-15T03:15:40.920Z","id":"CVE-2025-59375"}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74"},{"type":"WEB","url":"https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes"},{"type":"WEB","url":"https://github.com/libexpat/libexpat/issues/1018"},{"type":"WEB","url":"https://github.com/libexpat/libexpat/pull/1034"},{"type":"WEB","url":"https://issues.oss-fuzz.com/issues/439133977"}],"affected":[{"package":{"name":"Expat_jll","ecosystem":"Julia","purl":"pkg:julia/Expat_jll?uuid=2e619515-83b5-522b-bb60-26c02a35a201"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"2.7.3+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2025/JLSEC-2025-173.json"}}],"schema_version":"1.7.3"}