CVE-2019-15903

Published: 04 September 2019

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
apache2
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(code-not-compiled)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(code-not-compiled)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code-not-compiled)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code-not-compiled)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code-not-compiled)
apr-util
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(code-not-compiled)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(code-not-compiled)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code-not-compiled)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code-not-compiled)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code-not-compiled)
audacity
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(uses system expat)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(uses system expat)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(uses system expat)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

ayttm
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

cableswig
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

cadaver
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Needs triage

Ubuntu 20.04 LTS (Focal Fossa) Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

chromium-browser
Launchpad, Ubuntu, Debian
Upstream
Released (78.0.3904.70)
Ubuntu 21.04 (Hirsute Hippo)
Released (78.0.3904.70-0ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (78.0.3904.70-0ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (78.0.3904.70-0ubuntu0.18.04.2)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (78.0.3904.70-0ubuntu0.16.04.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

cmake
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(code-not-compiled)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(code-not-compiled)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code-not-compiled)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code-not-compiled)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

coin3
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Needed

Ubuntu 20.04 LTS (Focal Fossa) Needed

Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Needed

expat
Launchpad, Ubuntu, Debian
Upstream
Released (2.1.0-6+deb8u6, 2.2.7-2)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(2.2.7-2)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(2.2.7-2)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (2.2.5-3ubuntu0.2)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (2.1.0-7ubuntu0.16.04.5)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2.1.0-4ubuntu1.4+esm2)
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (70.0)
Ubuntu 21.04 (Hirsute Hippo)
Released (70.0+build2-0ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (70.0+build2-0ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (70.0+build2-0ubuntu0.18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (70.0+build2-0ubuntu0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

gdcm
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(uses system expat)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(uses system expat)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(uses system expat)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(uses system expat)
ghostscript
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(code-not-compiled)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(code-not-compiled)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code-not-compiled)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code-not-compiled)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

insighttoolkit
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

insighttoolkit4
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Needs triage

Ubuntu 20.04 LTS (Focal Fossa) Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

kompozer
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

libparagui1.1
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

matanza
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Needs triage

Ubuntu 20.04 LTS (Focal Fossa) Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

poco
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(uses system expat)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(uses system expat)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(uses system expat)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(uses system expat)
simgear
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(uses system expat)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(uses system expat)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(uses system expat)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(uses system expat)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

sitecopy
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Needs triage

Ubuntu 20.04 LTS (Focal Fossa) Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

smart
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code-not-compiled)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code-not-compiled)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

swish-e
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Needs triage

Ubuntu 20.04 LTS (Focal Fossa) Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

tdom
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Needs triage

Ubuntu 20.04 LTS (Focal Fossa) Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

texlive-bin
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(code-not-compiled)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(code-not-compiled)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code-not-compiled)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code-not-compiled)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

thunderbird
Launchpad, Ubuntu, Debian
Upstream
Released (68.2)
Ubuntu 21.04 (Hirsute Hippo)
Released (1:68.2.0+build1.1-0ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (1:68.2.0+build1.1-0ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (1:68.2.1+build1-0ubuntu0.18.04.1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1:68.7.0+build1-0ubuntu0.16.04.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

vnc4
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Needed

vtk
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

wbxml2
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Needs triage

Ubuntu 20.04 LTS (Focal Fossa) Needs triage

Ubuntu 18.04 LTS (Bionic Beaver) Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

wxwidgets2.8
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

xmlrpc-c
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 21.04 (Hirsute Hippo) Needed

Ubuntu 20.04 LTS (Focal Fossa) Needed

Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Needed