An issue was discovered in libexpat before 2.6.4 that can be leveraged as a vulnerability. A new CVE has been created at: https://nvd.nist.gov/vuln/detail/CVE-2024-50602 The issue has been resolved at https://github.com/libexpat/libexpat/pull/915 We can resolve this vulnerability in VTK by bumping libexpat to a version that contains the above change.