Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2
purl pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2
Next non-vulnerable version 2.7.5-1
Latest non-vulnerable version 2.7.5-1
Risk 4.0
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-77y6-jskt-qucb
Aliases:
CVE-2025-59375
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
2.7.5-1
Affected by 0 other vulnerabilities.
VCID-jqe4-44gw-wbhu
Aliases:
CVE-2026-32777
libexpat: libexpat: Denial of Service via infinite loop in DTD content parsing
2.7.5-1
Affected by 0 other vulnerabilities.
VCID-nktd-7gph-kkb1
Aliases:
CVE-2026-32778
libexpat: libexpat: Denial of Service via NULL pointer dereference after out-of-memory condition
2.7.5-1
Affected by 0 other vulnerabilities.
VCID-qmx9-wkj4-67h3
Aliases:
CVE-2023-52426
expat: recursive XML entity expansion vulnerability
2.7.1-2
Affected by 6 other vulnerabilities.
VCID-u5pr-wheu-h7c6
Aliases:
CVE-2024-28757
expat: XML Entity Expansion
2.7.1-2
Affected by 6 other vulnerabilities.
VCID-utz3-ytaf-cbht
Aliases:
CVE-2026-25210
libexpat: libexpat: Information disclosure and data integrity issues due to integer overflow in buffer reallocation
2.7.5-1
Affected by 0 other vulnerabilities.
VCID-v41j-xj8s-m7ar
Aliases:
CVE-2026-32776
libexpat: libexpat: Denial of Service due to NULL pointer dereference
2.7.5-1
Affected by 0 other vulnerabilities.
VCID-yw8s-ezc7-6ub8
Aliases:
CVE-2026-24515
libexpat: libexpat null pointer dereference
2.7.5-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (7)
Vulnerability Summary Aliases
VCID-1fms-7y9v-dfc5 Multiple vulnerabilities have been found in Expat, the worst of which may allow execution of arbitrary code. CVE-2013-0340
VCID-7ndj-4zn8-cqa4 expat: parsing large tokens can trigger a denial of service CVE-2023-52425
VCID-d26t-ex9d-x3ev Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. CVE-2024-45491
VCID-gtcn-kyd2-xqdk Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. CVE-2024-45490
VCID-k2kp-fv3q-vyh2 libexpat: expat: DoS via XML_ResumeParser CVE-2024-50602
VCID-nguf-68jf-ryaz libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat CVE-2024-8176
VCID-nw3z-nwyg-87e5 Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. CVE-2024-45492

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-15T22:08:14.816017+00:00 Debian Oval Importer Fixing VCID-7ndj-4zn8-cqa4 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T21:58:00.218520+00:00 Debian Oval Importer Fixing VCID-gtcn-kyd2-xqdk https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T20:30:48.771838+00:00 Debian Oval Importer Fixing VCID-nw3z-nwyg-87e5 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T18:02:50.563571+00:00 Debian Oval Importer Fixing VCID-d26t-ex9d-x3ev https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T17:29:14.183279+00:00 Debian Oval Importer Fixing VCID-k2kp-fv3q-vyh2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-13T08:58:11.062662+00:00 Debian Importer Affected by VCID-u5pr-wheu-h7c6 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:54:35.435708+00:00 Debian Importer Affected by VCID-jqe4-44gw-wbhu https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:29:52.398275+00:00 Debian Importer Affected by VCID-qmx9-wkj4-67h3 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:54:29.386889+00:00 Debian Importer Affected by VCID-nktd-7gph-kkb1 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:50:43.022499+00:00 Debian Importer Affected by VCID-v41j-xj8s-m7ar https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:32:22.131644+00:00 Debian Importer Affected by VCID-77y6-jskt-qucb https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:03:32.477937+00:00 Debian Importer Fixing VCID-nguf-68jf-ryaz https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:40:19.825148+00:00 Debian Importer Affected by VCID-yw8s-ezc7-6ub8 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T06:30:54.187361+00:00 Debian Importer Fixing VCID-1fms-7y9v-dfc5 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T21:46:09.069062+00:00 Debian Oval Importer Fixing VCID-7ndj-4zn8-cqa4 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T21:36:16.745454+00:00 Debian Oval Importer Fixing VCID-gtcn-kyd2-xqdk https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T20:12:10.724347+00:00 Debian Oval Importer Fixing VCID-nw3z-nwyg-87e5 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T18:05:51.523930+00:00 Debian Importer Affected by VCID-utz3-ytaf-cbht https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:48:34.463447+00:00 Debian Oval Importer Fixing VCID-d26t-ex9d-x3ev https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T17:15:41.816331+00:00 Debian Oval Importer Fixing VCID-k2kp-fv3q-vyh2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-08T21:23:54.940527+00:00 Debian Oval Importer Fixing VCID-7ndj-4zn8-cqa4 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T21:14:24.489438+00:00 Debian Oval Importer Fixing VCID-gtcn-kyd2-xqdk https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T19:53:22.388670+00:00 Debian Oval Importer Fixing VCID-nw3z-nwyg-87e5 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T17:35:46.498427+00:00 Debian Oval Importer Fixing VCID-d26t-ex9d-x3ev https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T17:04:20.233490+00:00 Debian Oval Importer Fixing VCID-k2kp-fv3q-vyh2 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-02T17:17:08.964207+00:00 Debian Importer Affected by VCID-u5pr-wheu-h7c6 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:16:48.671315+00:00 Debian Importer Affected by VCID-jqe4-44gw-wbhu https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:14:49.109787+00:00 Debian Importer Affected by VCID-qmx9-wkj4-67h3 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:12:07.648510+00:00 Debian Importer Affected by VCID-nktd-7gph-kkb1 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:11:55.091228+00:00 Debian Importer Affected by VCID-v41j-xj8s-m7ar https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:10:24.285110+00:00 Debian Importer Affected by VCID-77y6-jskt-qucb https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:08:15.678608+00:00 Debian Importer Fixing VCID-nguf-68jf-ryaz https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:06:34.604061+00:00 Debian Importer Affected by VCID-yw8s-ezc7-6ub8 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:05:50.316119+00:00 Debian Importer Fixing VCID-1fms-7y9v-dfc5 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-02T17:03:49.798336+00:00 Debian Importer Affected by VCID-utz3-ytaf-cbht https://security-tracker.debian.org/tracker/data/json 38.1.0