VDB

GCVE-VVD-MAGEIA-2026-61

GCVE-VVD-MAGEIA-2026-61
Advisory Published
Vulnetix · Advisory published March 20, 2026
libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. (CVE-2026-32776) libexpat before 2.7.5 allows an infinite loop while parsing DTD content. (CVE-2026-32777) libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier out-of-memory condition. (CVE-2026-32778)
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiaexpat0 (affected), 2.7.5-1.mga9 (unaffected), 0 (affected), 2.7.5-1.mga9 (unaffected)

Aliases

CVE-2026-32777CVE-2026-32776CVE-2026-32778

Transitive aliases

ALPINE-CVE-2026-32778EUVD-2026-12351MSRC_CVE-2026-32778VVD-CISA-2026-32778EUVD-2026-12349EUVD-2026-12347VVD-CESS-2026-32778VVD-CESS-2026-32777MSRC_CVE-2026-32777BELL-CVE-2026-32777GHSA-9rpf-mhcj-gv7rESB-2026.3118MSRC_CVE-2026-32776VVD-CESS-2026-32776ALPINE-CVE-2026-32776ALAS2023-2026-1518BELL-CVE-2026-32778ALPINE-CVE-2026-32777ALAS2-2026-3219BELL-CVE-2026-32776ESB-2026.3166ALAS2FIREFOX-2026-055

References

Updated expat packages fix security vulnerabilities
advisory
Updated expat packages fix security vulnerabilities
issue
Updated expat packages fix security vulnerabilities
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›