An update for expat is now available for openEuler-24.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2564 Final 1.0 1.0 2025-10-31 Initial 2025-10-31 2025-10-31 openEuler SA Tool V1.0 2025-10-31 expat security update An update for expat is now available for openEuler-24.03-LTS expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fix(es): A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.(CVE-2024-8176) An update for expat is now available for openEuler-24.03-LTS. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High expat https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2564 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 openEuler-24.03-LTS expat-help-2.5.0-12.oe2403.noarch.rpm expat-2.5.0-12.oe2403.aarch64.rpm expat-debuginfo-2.5.0-12.oe2403.aarch64.rpm expat-debugsource-2.5.0-12.oe2403.aarch64.rpm expat-devel-2.5.0-12.oe2403.aarch64.rpm expat-2.5.0-12.oe2403.src.rpm expat-2.5.0-12.oe2403.x86_64.rpm expat-debuginfo-2.5.0-12.oe2403.x86_64.rpm expat-debugsource-2.5.0-12.oe2403.x86_64.rpm expat-devel-2.5.0-12.oe2403.x86_64.rpm A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage. 2025-10-31 CVE-2024-8176 openEuler-24.03-LTS High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H expat security update 2025-10-31 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2564