Skip to main content

Expat 2.4.9 released, includes security fixes

libexpat is a fast streaming XML parser. Alongside libxml2, Expat is one of the most widely used software libre XML parsers written in C, precisely C99. It is cross-platform and licensed under the MIT license.

Expat 2.4.9 has been released earlier today. Alongside the usual pile of improvements to the build system, most importantly this release fixes CVE-2022-40674: a heap use-after-free vulnerability in function doContent with expected impact of denial of service or potentially arbitrary code execution. For more details, please check out the change log.

If you maintain Expat packaging or a bundled copy of Expat or a pinned version of Expat somewhere, please update to 2.4.9. Thank you!

Sebastian Pipping