CVE-2025-59375
HIGH 7.5 | EPSS 0.10% | thunderbird - security update
Published: 2025/9/15 | Modified: 2026/3/27
Also known as: ALPINE-CVE-2025-59375, DEBIAN-CVE-2025-59375, DEBIAN-CVE-2026-3889, DEBIAN-CVE-2026-4371, DEBIAN-CVE-2026-4684, DEBIAN-CVE-2026-4685, DEBIAN-CVE-2026-4686, DEBIAN-CVE-2026-4687, DEBIAN-CVE-2026-4688, DEBIAN-CVE-2026-4689, DEBIAN-CVE-2026-4691, DEBIAN-CVE-2026-4692, DEBIAN-CVE-2026-4693, DEBIAN-CVE-2026-4694, DEBIAN-CVE-2026-4695, DEBIAN-CVE-2026-4696, DEBIAN-CVE-2026-4697, DEBIAN-CVE-2026-4698, DEBIAN-CVE-2026-4699, DEBIAN-CVE-2026-4700, DEBIAN-CVE-2026-4701, DEBIAN-CVE-2026-4702, DEBIAN-CVE-2026-4704, DEBIAN-CVE-2026-4705, DEBIAN-CVE-2026-4706, DEBIAN-CVE-2026-4707, DEBIAN-CVE-2026-4708, DEBIAN-CVE-2026-4709, DEBIAN-CVE-2026-4710, DEBIAN-CVE-2026-4713, DEBIAN-CVE-2026-4714, DEBIAN-CVE-2026-4715, DEBIAN-CVE-2026-4716, DEBIAN-CVE-2026-4717, DEBIAN-CVE-2026-4718, DEBIAN-CVE-2026-4719, DEBIAN-CVE-2026-4720, DLA-4510-1, DLA-4511-1
Description
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
Affected packages (8)
- Alpine/expat: from 0, < 2.7.2-r0
- Debian/expat: from 0
- Debian/firefox-esr: from 0, < 140.9.0esr-1~deb11u1
- Debian/firefox-esr: from 0, < 140.9.0esr-1~deb11u1
- Debian/firefox-esr: from 0, < 140.9.0esr-1~deb12u1
- Debian/thunderbird: from 0, < 1:140.9.0esr-1~deb11u1
- Debian/thunderbird: from 0, < 1:140.9.0esr-1~deb12u1
- Debian/thunderbird: from 0, < 1:140.9.0esr-1~deb11u1
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |