CVE-2022-25314
Published: 18 February 2022
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
Notes
Author | Note |
---|---|
sbeattie | paraview uses system expat xotcl uses system expat poco uses system expat gdcm uses system expat audacity uses system expat simgear uses system expat coin3 uses system expat as of 4.0.0~CMake~6f54f1602475+ds1-1 sitecopy uses system expat since 1:0.16.0-1 (dapper!) |
leosilva | xenial and trusty are not affected as code is not present. |
rodrigo-zaiden | libxmltok does not include copyString method, so it is not affected. |
Priority
CVSS 3 base score: 7.5
Status
Package | Release | Status |
---|---|---|
apache2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
focal |
Not vulnerable
(code-not-compiled)
|
|
impish |
Not vulnerable
(code-not-compiled)
|
|
jammy |
Not vulnerable
(code-not-compiled)
|
|
kinetic |
Not vulnerable
(code-not-compiled)
|
|
trusty |
Not vulnerable
(code-not-compiled)
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code-not-compiled)
|
|
apr-util Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
focal |
Not vulnerable
(code-not-compiled)
|
|
impish |
Not vulnerable
(code-not-compiled)
|
|
jammy |
Not vulnerable
(code-not-compiled)
|
|
kinetic |
Not vulnerable
(code-not-compiled)
|
|
trusty |
Not vulnerable
(code-not-compiled)
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code-not-compiled)
|
|
ayttm Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
cableswig Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
cadaver Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Needs triage
|
|
impish |
Ignored
(reached end-of-life)
|
|
jammy |
Needs triage
|
|
kinetic |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
cmake Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
focal |
Not vulnerable
(code-not-compiled)
|
|
impish |
Not vulnerable
(code-not-compiled)
|
|
jammy |
Not vulnerable
(code-not-compiled)
|
|
kinetic |
Not vulnerable
(code-not-compiled)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code-not-compiled)
|
|
coin3 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Not vulnerable
(uses system expat)
|
|
impish |
Not vulnerable
(uses system expat)
|
|
jammy |
Not vulnerable
(uses system expat)
|
|
kinetic |
Not vulnerable
(uses system expat)
|
|
trusty |
Needs triage
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
expat Launchpad, Ubuntu, Debian |
bionic |
Released
(2.2.5-3ubuntu0.7)
|
focal |
Released
(2.2.9-1ubuntu0.4)
|
|
impish |
Released
(2.4.1-2ubuntu0.3)
|
|
jammy |
Released
(2.4.5-2)
|
|
kinetic |
Released
(2.4.5-2)
|
|
trusty |
Not vulnerable
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
|
|
firefox Launchpad, Ubuntu, Debian |
bionic |
Needed
|
focal |
Needed
|
|
impish |
Ignored
(reached end-of-life)
|
|
jammy |
Released
(1:1snap1-0ubuntu1)
|
|
kinetic |
Released
(1:1snap1-0ubuntu1)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needed
|
|
gdcm Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system expat)
|
focal |
Not vulnerable
(uses system expat)
|
|
impish |
Not vulnerable
(uses system expat)
|
|
jammy |
Not vulnerable
(uses system expat)
|
|
kinetic |
Not vulnerable
(uses system expat)
|
|
trusty |
Not vulnerable
(uses system expat)
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(uses system expat)
|
|
ghostscript Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
focal |
Not vulnerable
(code-not-compiled)
|
|
impish |
Not vulnerable
(code-not-compiled)
|
|
jammy |
Not vulnerable
(code-not-compiled)
|
|
kinetic |
Not vulnerable
(code-not-compiled)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code-not-compiled)
|
|
insighttoolkit Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
insighttoolkit4 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Needs triage
|
|
impish |
Ignored
(reached end-of-life)
|
|
jammy |
Needs triage
|
|
kinetic |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
libxmltok Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
focal |
Not vulnerable
(code not present)
|
|
hirsute |
Ignored
(reached end-of-life)
|
|
impish |
Not vulnerable
(code not present)
|
|
jammy |
Not vulnerable
(code not present)
|
|
kinetic |
Not vulnerable
(code not present)
|
|
trusty |
Ignored
(out of standard support)
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code)
|
|
matanza Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Needs triage
|
|
impish |
Ignored
(reached end-of-life)
|
|
jammy |
Needs triage
|
|
kinetic |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
smart Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code-not-compiled)
|
|
swish-e Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Needs triage
|
|
impish |
Ignored
(reached end-of-life)
|
|
jammy |
Needs triage
|
|
kinetic |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
tdom Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Needs triage
|
|
impish |
Ignored
(reached end-of-life)
|
|
jammy |
Needs triage
|
|
kinetic |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
texlive-bin Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
focal |
Not vulnerable
(code-not-compiled)
|
|
impish |
Not vulnerable
(code-not-compiled)
|
|
jammy |
Not vulnerable
(code-not-compiled)
|
|
kinetic |
Not vulnerable
(code-not-compiled)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code-not-compiled)
|
|
thunderbird Launchpad, Ubuntu, Debian |
bionic |
Needed
|
focal |
Needed
|
|
impish |
Ignored
(reached end-of-life)
|
|
jammy |
Needs triage
|
|
kinetic |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needed
|
|
vnc4 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Needs triage
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
vtk Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
trusty |
Needs triage
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
wbxml2 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Needs triage
|
|
impish |
Ignored
(reached end-of-life)
|
|
jammy |
Needs triage
|
|
kinetic |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
xmlrpc-c Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Needs triage
|
|
impish |
Ignored
(reached end-of-life)
|
|
jammy |
Needs triage
|
|
kinetic |
Needs triage
|
|
trusty |
Needs triage
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|