An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:6754 https://access.redhat.com/errata/RHSA-2024:6754
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:6989 https://access.redhat.com/errata/RHSA-2024:6989
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:7599 https://access.redhat.com/errata/RHSA-2024:7599