Hello oss-security,
just a quick note that libexpat 2.7.2 (or "Expat 2.7.2") released today is fixing CVE-2025-59375: denial of service through forced extensive use of dynamic memory despite small parser input.

Some key links are:

- The change log of release 2.7.2
  https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes

- The ClusterFuzz finding, its payload and analysis
  https://github.com/libexpat/libexpat/issues/1018

- The fixing pull request
  https://github.com/libexpat/libexpat/pull/1034

- The official CVE metadata
  https://nvd.nist.gov/vuln/detail/CVE-2025-59375

Best

Sebastian
