Search CVE reports
21 – 30 of 39 results
Some fixes available 30 of 127
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
24 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release |
cableswig | Not in release | Not in release | Not in release | Not in release |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed |
firefox | Fixed | Fixed | Fixed | Fixed |
gdcm | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
libxmltok | Fixed | Fixed | Fixed | Fixed |
matanza | Ignored | Ignored | Ignored | Ignored |
smart | Not in release | Not in release | Not in release | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Fixed | Fixed | Ignored |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
vtk | Not in release | Not in release | Not in release | Not in release |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 30 of 127
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
24 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release |
cableswig | Not in release | Not in release | Not in release | Not in release |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed |
firefox | Fixed | Fixed | Fixed | Fixed |
gdcm | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
libxmltok | Fixed | Fixed | Fixed | Fixed |
matanza | Ignored | Ignored | Ignored | Ignored |
smart | Not in release | Not in release | Not in release | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Fixed | Fixed | Ignored |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
vtk | Not in release | Not in release | Not in release | Not in release |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 30 of 127
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
24 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release |
cableswig | Not in release | Not in release | Not in release | Not in release |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed |
firefox | Fixed | Fixed | Fixed | Fixed |
gdcm | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
libxmltok | Fixed | Fixed | Fixed | Fixed |
matanza | Ignored | Ignored | Ignored | Ignored |
smart | Not in release | Not in release | Not in release | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Fixed | Fixed | Ignored |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
vtk | Not in release | Not in release | Not in release | Not in release |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 28 of 310
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
50 affected packages
apache2, apr-util, astropy, audacity, ayttm...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
astropy | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
audacity | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release |
cableswig | Not in release | Not in release | Not in release | Not in release |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected |
coda | Needs evaluation | Needs evaluation | Needs evaluation | — |
coin3 | Not affected | Not affected | Not affected | Needs evaluation |
emboss | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed |
firefox | Fixed | Fixed | Fixed | Fixed |
gdcm | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected |
harp | Needs evaluation | Needs evaluation | Needs evaluation | — |
ibm-3270 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
insighttoolkit | Not in release | Not in release | Not in release | Not in release |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
insighttoolkit5 | Needs evaluation | Needs evaluation | — | — |
libsynthesis | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Fixed | Fixed | Fixed | Fixed |
mame | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
matanza | Ignored | Ignored | Ignored | Ignored |
opencollada | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
paraview | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
poco | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
python2.7 | Not in release | Not affected | Not affected | Not affected |
python3.10 | Not in release | Not affected | Not in release | Not in release |
python3.4 | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release |
python3.6 | Not in release | Not in release | Not in release | Not affected |
python3.7 | Not in release | Not in release | Not in release | Not affected |
python3.8 | Not in release | Not in release | Not affected | Not affected |
python3.9 | Not in release | Not in release | Not affected | Not in release |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
sitecopy | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
smart | Not in release | Not in release | Not in release | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | Ignored |
tla | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
visp | Needs evaluation | Needs evaluation | — | Needs evaluation |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
vtk | Not in release | Not in release | Not in release | Not in release |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc | — | — | — | — |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xsd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 22 of 114
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
24 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release |
cableswig | Not in release | Not in release | Not in release | Not in release |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed |
firefox | Fixed | Fixed | Fixed | Fixed |
gdcm | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
libxmltok | Not affected | Not affected | Not affected | Not affected |
matanza | Ignored | Ignored | Ignored | Ignored |
smart | Not in release | Not in release | Not in release | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | Ignored |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
vtk | Not in release | Not in release | Not in release | Not in release |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 56 of 189
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a...
32 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
audacity | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release |
cableswig | Not in release | Not in release | Not in release | Not in release |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
chromium-browser | Fixed | Fixed | Fixed | Fixed |
cmake | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Vulnerable |
expat | Not affected | Not affected | Not affected | Fixed |
firefox | Fixed | Fixed | Fixed | Fixed |
gdcm | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
kompozer | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release |
libxmltok | Fixed | Fixed | Fixed | Fixed |
matanza | Ignored | Ignored | Ignored | Ignored |
poco | Not affected | Not affected | Not affected | Not affected |
simgear | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
smart | Not in release | Not in release | Not in release | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
thunderbird | Fixed | Fixed | Fixed | Fixed |
vnc4 | Not in release | Not in release | Not in release | Vulnerable |
vtk | Not in release | Not in release | Not in release | Not in release |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 25 of 121
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable...
32 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
audacity | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release |
cableswig | Not in release | Not in release | Not in release | Not in release |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Vulnerable |
expat | Fixed | Fixed | Fixed | Fixed |
firefox | Not affected | Not affected | Not affected | Not affected |
gdcm | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
kompozer | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release |
libxmltok | Fixed | Fixed | Fixed | Fixed |
matanza | Ignored | Ignored | Ignored | Ignored |
poco | Not affected | Not affected | Not affected | Not affected |
simgear | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Not affected | Not affected | Not affected |
smart | Not in release | Not in release | Not in release | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Not affected | Not affected | Not affected | Not affected |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Vulnerable |
vtk | Not in release | Not in release | Not in release | Not in release |
wbxml2 | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 7 of 99
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
33 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
audacity | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release |
cableswig | Not in release | Not in release | Not in release | Not in release |
cadaver | Not affected | Not affected | Not affected | Not affected |
cmake | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation |
expat | Not affected | Not affected | Not affected | Not affected |
firefox | Not affected | Not affected | Not affected | Not affected |
gdcm | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
kompozer | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release |
libxmltok | Not affected | Not affected | Not affected | Not affected |
matanza | Ignored | Ignored | Ignored | Ignored |
poco | Not affected | Not affected | Not affected | Not affected |
simgear | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Not affected | Not affected | Not affected |
smart | Not in release | Not in release | Not in release | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Not affected | Not affected | Not affected | Not affected |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | Not affected |
tla | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Ignored |
vtk | Not in release | Not in release | Not in release | Not in release |
wbxml2 | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Not affected | Not affected | Not affected | Not affected |
Some fixes available 5 of 99
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this...
31 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
audacity | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release |
cableswig | Not in release | Not in release | Not in release | Not in release |
cadaver | Not affected | Not affected | Not affected | Not affected |
cmake | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Not affected |
expat | Not affected | Not affected | Not affected | Not affected |
gdcm | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release |
kompozer | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release |
libxmltok | Not affected | Not affected | Not affected | Not affected |
matanza | Not affected | Not affected | Not affected | Not affected |
poco | Not affected | Not affected | Not affected | Not affected |
simgear | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Not affected | Not affected | Not affected |
smart | Not in release | Not in release | Not in release | Not affected |
swish-e | Not affected | Not affected | Not affected | Not affected |
tdom | Not affected | Not affected | Not affected | Not affected |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
tla | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Ignored |
vtk | Not in release | Not in release | Not in release | Not in release |
wbxml2 | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
xotcl | Not affected | Not affected | Not affected | Not affected |
Some fixes available 7 of 174
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this...
26 affected packages
audacity, ayttm, cableswig, cadaver, coin3...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
audacity | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release |
cableswig | Not in release | Not in release | Not in release | Not in release |
cadaver | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
coin3 | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
expat | Not affected | Not affected | Not affected | Not affected |
gdcm | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release |
kompozer | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release |
libxmltok | Fixed | Fixed | Fixed | Fixed |
matanza | Ignored | Ignored | Ignored | Ignored |
poco | Not affected | Not affected | Not affected | Not affected |
simgear | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Not affected | Not affected | Not affected |
smart | Not in release | Not in release | Not in release | Not affected |
swish-e | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
tdom | Not affected | Not affected | Not affected | Not affected |
tla | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Ignored |
vtk | Not in release | Not in release | Not in release | Not in release |
wbxml2 | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
xotcl | Not affected | Not affected | Not affected | Not affected |