wid-sec-w-2026-0733 · Published 2026-03-15 · View on BSI CERT-Bund
libexpat: Multiple Vulnerabilities allow Denial of Service
CVSS 4.0: MEDIUM
Risk Summary
libexpat before 2.7.5 allows an infinite loop while parsing DTD content. libexpat before 2.7.5 also allows a NULL pointer dereference in the function setContext when parsing is retried after an earlier out-of-memory condition. Both issues are reachable from attacker-supplied XML and result in denial of service; updating to 2.7.5 or later removes them.
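The two checks a practitioner would want after reading this summary are (a) whether the libexpat actually linked into a process is at least 2.7.5 and (b) a way to keep untrusted input away from the DTD-parsing code path until it is. The block below is an added example, not part of the advisory and not code from the expat project; it assumes the application reaches libexpat through Python's xml.parsers.expat binding (pyexpat), uses the 2.7.5 threshold stated above, and parses two constructed sample documents.

```python
# Added example (not from the advisory or from the expat project).
# Assumes libexpat is reached via Python's pyexpat binding.
import xml.parsers.expat as expat

# First libexpat release the advisory lists as not affected.
FIXED_VERSION = (2, 7, 5)

# Constructed sample inputs: one plain document, one carrying a DOCTYPE
# with an internal subset (the DTD-parsing path the advisory describes).
PLAIN_DOC = b"<root><child/><child/></root>"
DTD_DOC = b"<!DOCTYPE root [<!ELEMENT root ANY>]><root><child/></root>"


def expat_version():
    """Return the version of the libexpat linked at runtime as (major, minor, micro)."""
    return tuple(expat.version_info)


def expat_is_fixed(version=None):
    """True when the given (or the runtime) libexpat version is >= 2.7.5."""
    v = expat_version() if version is None else tuple(version)
    return v >= FIXED_VERSION


class DoctypeRejected(ValueError):
    """Raised when the input carries a DOCTYPE and policy forbids DTD content."""


def parse_without_dtd(data):
    """Parse `data` with pyexpat, refusing any DOCTYPE before its DTD is read.

    Returns the element names in document order. The StartDoctypeDecl
    handler fires as soon as the parser sees the declaration, so raising
    there stops parsing before any DTD content is processed. This is a
    defence-in-depth measure that keeps untrusted input off the DTD code
    path regardless of the expat version; it is not a substitute for
    updating to 2.7.5 or later.
    """
    seen = []
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Exceptions raised inside a handler propagate out of Parse().
        raise DoctypeRejected("DOCTYPE %r not allowed in untrusted input" % name)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = lambda name, attrs: seen.append(name)
    parser.Parse(data, True)
    return seen


if __name__ == "__main__":
    print("linked libexpat", ".".join(map(str, expat_version())),
          "fixed" if expat_is_fixed() else "AFFECTED (< 2.7.5)")
    print("plain document elements:", parse_without_dtd(PLAIN_DOC))
    try:
        parse_without_dtd(DTD_DOC)
    except DoctypeRejected as exc:
        print("rejected:", exc)
```

The version gate reads `xml.parsers.expat.version_info`, which reports the library the interpreter actually loaded rather than whatever the distribution package claims, so it also catches a vendored or statically linked copy that lags the system package.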
CVEs (3)
Affected Vendors
Amazon
IBM
Open Source
SUSE
Affected Products (8)
IBM · Business Automation Workflow · 24.0.0-24.0.1
IBM · Business Automation Workflow · 25.0.0-25.0.1
IBM · HTTP Server · <9.0.5.28
IBM · HTTP Server · 9.0.5.28
IBM · HTTP Server · <8.5.5.30
IBM · HTTP Server · 8.5.5.30
Open Source · expat · <2.7.5
Open Source · expat · 2.7.5