Search CVE reports
1 – 10 of 17 results
CVE-2022-30045
Medium priorityAn issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read.
4 affected packages
mapcache, netcdf, netcdf-parallel, scilab
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mapcache | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
netcdf | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
netcdf-parallel | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
scilab | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-31598
Medium prioritySome fixes available 1 of 47
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow.
4 affected packages
mapcache, netcdf, netcdf-parallel, scilab
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mapcache | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Needs evaluation |
netcdf | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Needs evaluation |
netcdf-parallel | Vulnerable | Vulnerable | Vulnerable | Not in release | Ignored |
scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Fixed |
CVE-2021-31348
Medium priorityAn issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).
4 affected packages
mapcache, netcdf, netcdf-parallel, scilab
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mapcache | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Needs evaluation |
netcdf | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Needs evaluation |
netcdf-parallel | Vulnerable | Vulnerable | Vulnerable | Not in release | Ignored |
scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Needs evaluation |
CVE-2021-31347
Medium prioritySome fixes available 1 of 59
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap).
5 affected packages
mapcache, navit, netcdf, netcdf-parallel, scilab
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mapcache | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
navit | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
netcdf | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
netcdf-parallel | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
scilab | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Fixed |
CVE-2021-31229
Medium prioritySome fixes available 1 of 59
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one byte constant.
5 affected packages
mapcache, navit, netcdf, netcdf-parallel, scilab
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mapcache | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
navit | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
netcdf | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
netcdf-parallel | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
scilab | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Fixed |
CVE-2021-30485
Medium prioritySome fixes available 1 of 59
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
5 affected packages
mapcache, navit, netcdf, netcdf-parallel, scilab
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mapcache | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
navit | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
netcdf | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
netcdf-parallel | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
scilab | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Fixed |
CVE-2021-26222
Medium priorityThe ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
5 affected packages
mapcache, navit, netcdf, netcdf-parallel, scilab
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mapcache | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
navit | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
netcdf | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
netcdf-parallel | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
scilab | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-26221
Medium priorityThe ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
4 affected packages
mapcache, netcdf, netcdf-parallel, scilab
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mapcache | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
netcdf | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
netcdf-parallel | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
scilab | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-26220
Medium priorityThe ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
4 affected packages
mapcache, netcdf, netcdf-parallel, scilab
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mapcache | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
netcdf | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
netcdf-parallel | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
scilab | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2019-20202
Medium priorityAn issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault.
5 affected packages
mapcache, navit, netcdf, netcdf-parallel, scilab
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
mapcache | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
navit | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
netcdf | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
netcdf-parallel | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
scilab | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |