{"id":"MGASA-2024-0072","summary":"Updated expat packages fix security vulnerabilities","details":"It was discovered that Expat could be made to consume large amounts of\nresources. If a user or automated system were tricked into processing\nspecially crafted input, an attacker could possibly use this issue to\ncause\na denial of service. (CVE-2023-52425, CVE-2024-28757)\n","modified":"2026-04-16T00:11:43.985952864Z","published":"2024-03-18T16:12:23Z","upstream":["CVE-2023-52425","CVE-2024-28757"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0072.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32970"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6694-1"}],"affected":[{"package":{"name":"expat","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/expat?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6.2-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0072.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}