Search CVE reports
31 – 40 of 41 results
CVE-2016-0718
Medium prioritySome fixes available 29 of 193
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
28 affected packages
audacity, ayttm, cableswig, cadaver, coin3...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
audacity | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release | Vulnerable |
cableswig | Not in release | Not in release | Not in release | Not in release | Vulnerable |
cadaver | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
coin3 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
expat | Fixed | Fixed | Fixed | Fixed | Fixed |
firefox | Not affected | Not affected | Not affected | Not affected | Fixed |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release | Vulnerable |
kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
libxmltok | Vulnerable | Fixed | Fixed | Fixed | Fixed |
matanza | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
poco | Not affected | Not affected | Not affected | Not affected | Not affected |
simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Not affected | Not affected | Not affected | Not affected |
smart | Not in release | Not in release | Not in release | Not affected | Not affected |
swish-e | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
tdom | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | Not affected | Not affected |
tla | Not affected | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Ignored | Ignored |
vtk | Not in release | Not in release | Not in release | Not in release | Not affected |
wbxml2 | Not affected | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
xotcl | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2015-1283
Medium prioritySome fixes available 38 of 242
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or...
33 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
audacity | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release | Vulnerable |
cableswig | Not in release | Not in release | Not in release | Not in release | Vulnerable |
cadaver | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
chromium-browser | Fixed | Fixed | Fixed | Fixed | Fixed |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
expat | Not affected | Not affected | Not affected | Not affected | Not affected |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release | Vulnerable |
kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
libxmltok | Vulnerable | Fixed | Fixed | Fixed | Fixed |
matanza | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
oxide-qt | Not in release | Not in release | Not in release | Not in release | Fixed |
poco | Not affected | Not affected | Not affected | Not affected | Not affected |
simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Not affected | Not affected | Not affected | Not affected |
smart | Not in release | Not in release | Not in release | Not affected | Not affected |
swish-e | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
tdom | Not affected | Not affected | Not affected | Not affected | Not affected |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
tla | Not affected | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Vulnerable | Fixed |
vtk | Not in release | Not in release | Not in release | Not in release | Not affected |
wbxml2 | Not affected | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
xotcl | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2013-0340
Medium priorityexpat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption),...
40 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | — | — | — | — | — |
apr-util | — | — | — | — | — |
audacity | — | — | — | — | — |
ayttm | — | — | — | — | — |
cableswig | — | — | — | — | — |
cadaver | — | — | — | — | — |
celementtree | — | — | — | — | — |
cmake | — | — | — | — | — |
coin3 | — | — | — | — | — |
expat | — | — | — | — | — |
gdcm | — | — | — | — | — |
ghostscript | — | — | — | — | — |
grmonitor | — | — | — | — | — |
insighttoolkit | — | — | — | — | — |
kompozer | — | — | — | — | — |
libparagui1.1 | — | — | — | — | — |
matanza | — | — | — | — | — |
paraview | — | — | — | — | — |
poco | — | — | — | — | — |
python-xml | — | — | — | — | — |
python2.4 | — | — | — | — | — |
python2.5 | — | — | — | — | — |
python2.6 | — | — | — | — | — |
simgear | — | — | — | — | — |
sitecopy | — | — | — | — | — |
smart | — | — | — | — | — |
swish-e | — | — | — | — | — |
tdom | — | — | — | — | — |
texlive-bin | — | — | — | — | — |
tla | — | — | — | — | — |
vnc4 | — | — | — | — | — |
vtk | — | — | — | — | — |
w3c-libwww | — | — | — | — | — |
wbxml2 | — | — | — | — | — |
wxwidgets2.6 | — | — | — | — | — |
wxwidgets2.8 | — | — | — | — | — |
wxwindows2.4 | — | — | — | — | — |
xmlrpc-c | — | — | — | — | — |
xotcl | — | — | — | — | — |
xulrunner | — | — | — | — | — |
CVE-2012-6702
Medium prioritySome fixes available 5 of 103
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
32 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
audacity | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release | Not affected |
cableswig | Not in release | Not in release | Not in release | Not in release | Not affected |
cadaver | Not affected | Not affected | Not affected | Not affected | Not affected |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Not affected | Not affected |
expat | Not affected | Not affected | Not affected | Not affected | Fixed |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release | Vulnerable |
kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
libxmltok | Not affected | Not affected | Not affected | Not affected | Not affected |
matanza | Not affected | Not affected | Not affected | Not affected | Not affected |
paraview | Not affected | Not affected | Not affected | Not affected | Not affected |
poco | Not affected | Not affected | Not affected | Not affected | Not affected |
simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Not affected | Not affected | Not affected | Not affected |
smart | Not in release | Not in release | Not in release | Not affected | Not affected |
swish-e | Not affected | Not affected | Not affected | Not affected | Not affected |
tdom | Not affected | Not affected | Not affected | Not affected | Not affected |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
tla | Not affected | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Ignored | Ignored |
vtk | Not in release | Not in release | Not in release | Not in release | Not affected |
wbxml2 | Not affected | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
xotcl | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2012-1147
Low priorityreadfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
40 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | — | — | — | Ignored | Ignored |
apr-util | — | — | — | Ignored | Ignored |
audacity | — | — | — | Not affected | Not affected |
ayttm | — | — | — | Not in release | Not affected |
cableswig | — | — | — | Not in release | Not affected |
cadaver | — | — | — | Not affected | Not affected |
celementtree | — | — | — | Not in release | Not in release |
cmake | — | — | — | Ignored | Ignored |
coin3 | — | — | — | Not affected | Not affected |
expat | — | — | — | Not affected | Not affected |
gdcm | — | — | — | Not affected | Not affected |
ghostscript | — | — | — | Ignored | Ignored |
grmonitor | — | — | — | Not in release | Not in release |
insighttoolkit | — | — | — | Not in release | Not affected |
kompozer | — | — | — | Not in release | Not in release |
libparagui1.1 | — | — | — | Not in release | Not in release |
matanza | — | — | — | Not affected | Not affected |
paraview | — | — | — | Not affected | Not affected |
poco | — | — | — | Not affected | Not affected |
python-xml | — | — | — | Not in release | Not in release |
python2.4 | — | — | — | Not in release | Not in release |
python2.5 | — | — | — | Not in release | Not in release |
python2.6 | — | — | — | Not in release | Not in release |
simgear | — | — | — | Not affected | Not affected |
sitecopy | — | — | — | Not affected | Not affected |
smart | — | — | — | Ignored | Ignored |
swish-e | — | — | — | Not affected | Not affected |
tdom | — | — | — | Not affected | Not affected |
texlive-bin | — | — | — | Ignored | Ignored |
tla | — | — | — | Not affected | Not affected |
vnc4 | — | — | — | Ignored | Ignored |
vtk | — | — | — | Not in release | Not affected |
w3c-libwww | — | — | — | Not in release | Not in release |
wbxml2 | — | — | — | Not affected | Not affected |
wxwidgets2.6 | — | — | — | Not in release | Not in release |
wxwidgets2.8 | — | — | — | Not in release | Not in release |
wxwindows2.4 | — | — | — | Not in release | Not in release |
xmlrpc-c | — | — | — | Ignored | Ignored |
xotcl | — | — | — | Not affected | Not affected |
xulrunner | — | — | — | Not in release | Not in release |
CVE-2012-1148
Low prioritySome fixes available 40 of 398
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause...
41 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
audacity | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release | Vulnerable |
cableswig | Not in release | Not in release | Not in release | Not in release | Vulnerable |
cadaver | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
celementtree | Not in release | Not in release | Not in release | Not in release | Not in release |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
expat | Not affected | Not affected | Not affected | Not affected | Not affected |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
grmonitor | Not in release | Not in release | Not in release | Not in release | Not in release |
insighttoolkit | Not in release | Not in release | Not in release | Not in release | Vulnerable |
kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
libxmltok | Vulnerable | Fixed | Fixed | Fixed | Fixed |
matanza | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
paraview | Not affected | Not affected | Not affected | Not affected | Not affected |
poco | Not affected | Not affected | Not affected | Not affected | Not affected |
python-xml | Not in release | Not in release | Not in release | Not in release | Not in release |
python2.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python2.5 | Not in release | Not in release | Not in release | Not in release | Not in release |
python2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Not affected | Not affected | Not affected | Not affected |
smart | Not in release | Not in release | Not in release | Not affected | Not affected |
swish-e | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
tdom | Not affected | Not affected | Not affected | Not affected | Not affected |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
tla | Not affected | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Ignored | Ignored |
vtk | Not in release | Not in release | Not in release | Not in release | Not affected |
w3c-libwww | Not in release | Not in release | Not in release | Not in release | Not in release |
wbxml2 | Not affected | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwindows2.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Fixed | Fixed | Fixed | Fixed | Fixed |
xotcl | Not affected | Not affected | Not affected | Not affected | Not affected |
xulrunner | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2012-0876
Medium prioritySome fixes available 36 of 388
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption)...
41 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
audacity | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release | Vulnerable |
cableswig | Not in release | Not in release | Not in release | Not in release | Vulnerable |
cadaver | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
celementtree | Not in release | Not in release | Not in release | Not in release | Not in release |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
expat | Not affected | Not affected | Not affected | Not affected | Not affected |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
grmonitor | Not in release | Not in release | Not in release | Not in release | Not in release |
insighttoolkit | Not in release | Not in release | Not in release | Not in release | Vulnerable |
kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
libxmltok | Not affected | Not affected | Not affected | Not affected | Not affected |
matanza | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
paraview | Not affected | Not affected | Not affected | Not affected | Not affected |
poco | Not affected | Not affected | Not affected | Not affected | Not affected |
python-xml | Not in release | Not in release | Not in release | Not in release | Not in release |
python2.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python2.5 | Not in release | Not in release | Not in release | Not in release | Not in release |
python2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Not affected | Not affected | Not affected | Not affected |
smart | Not in release | Not in release | Not in release | Not affected | Not affected |
swish-e | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
tdom | Not affected | Not affected | Not affected | Not affected | Not affected |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
tla | Not affected | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Ignored | Ignored |
vtk | Not in release | Not in release | Not in release | Not in release | Not affected |
w3c-libwww | Not in release | Not in release | Not in release | Not in release | Not in release |
wbxml2 | Not affected | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwindows2.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Fixed | Fixed | Fixed | Fixed | Fixed |
xotcl | Not affected | Not affected | Not affected | Not affected | Not affected |
xulrunner | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2011-2188
Medium priorityLuaExpat before 1.2.0 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of...
1 affected package
lua-expat
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
lua-expat | — | — | — | — | — |
CVE-2009-3560
Medium prioritySome fixes available 79 of 506
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed...
41 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
audacity | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release | Not affected |
cableswig | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
cadaver | Not affected | Not affected | Not affected | Not affected | Not affected |
celementtree | Not in release | Not in release | Not in release | Not in release | Not in release |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
expat | Fixed | Fixed | Fixed | Fixed | Fixed |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
grmonitor | Not in release | Not in release | Not in release | Not in release | Not in release |
insighttoolkit | Not in release | Not in release | Not in release | Not in release | Not affected |
kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
libxmltok | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
paraview | Not affected | Not affected | Not affected | Not affected | Not affected |
poco | Not affected | Not affected | Not affected | Not affected | Not affected |
python-xml | Not in release | Not in release | Not in release | Not in release | Not in release |
python2.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python2.5 | Not in release | Not in release | Not in release | Not in release | Not in release |
python2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Not affected | Not affected | Not affected | Not affected |
smart | Not in release | Not in release | Not in release | Not affected | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Not affected | Not affected | Not affected | Not affected | Not affected |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
tla | Not affected | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Not affected | Not affected |
vtk | Not in release | Not in release | Not in release | Not in release | Not affected |
w3c-libwww | Not in release | Not in release | Not in release | Not in release | Not in release |
wbxml2 | Not affected | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwindows2.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Fixed | Fixed | Fixed | Fixed | Fixed |
xotcl | Not affected | Not affected | Not affected | Not affected | Not affected |
xulrunner | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2009-3720
Low prioritySome fixes available 79 of 536
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML...
41 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
audacity | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release | Not affected |
cableswig | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
cadaver | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
celementtree | Not in release | Not in release | Not in release | Not in release | Not in release |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
expat | Fixed | Fixed | Fixed | Fixed | Fixed |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
grmonitor | Not in release | Not in release | Not in release | Not in release | Not in release |
insighttoolkit | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
libxmltok | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
paraview | Not affected | Not affected | Not affected | Not affected | Not affected |
poco | Not affected | Not affected | Not affected | Not affected | Not affected |
python-xml | Not in release | Not in release | Not in release | Not in release | Not in release |
python2.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python2.5 | Not in release | Not in release | Not in release | Not in release | Not in release |
python2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Not affected | Not affected | Not affected | Not affected |
smart | Not in release | Not in release | Not in release | Not affected | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Not affected | Not affected | Not affected | Not affected | Not affected |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
tla | Not affected | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Not affected | Not affected |
vtk | Not in release | Not in release | Not in release | Not in release | Not affected |
w3c-libwww | Not in release | Not in release | Not in release | Not in release | Not in release |
wbxml2 | Not affected | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwindows2.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Fixed | Fixed | Fixed | Fixed | Fixed |
xotcl | Not affected | Not affected | Not affected | Not affected | Not affected |
xulrunner | Not in release | Not in release | Not in release | Not in release | Not in release |