Search CVE reports
1 – 10 of 18 results
CVE-2023-52389
Medium priorityUTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32...
1 affected packages
poco
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
poco | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-46143
Medium prioritySome fixes available 22 of 268
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
50 affected packages
apache2, apr-util, astropy, audacity, ayttm...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
astropy | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
audacity | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ayttm | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
cableswig | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coda | Needs evaluation | Needs evaluation | Needs evaluation | — | Ignored |
coin3 | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
emboss | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed | Fixed |
firefox | Fixed | Fixed | Fixed | Fixed | Ignored |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
harp | Needs evaluation | Needs evaluation | Needs evaluation | — | Ignored |
ibm-3270 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
insighttoolkit | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected | Needs evaluation |
insighttoolkit5 | Needs evaluation | Needs evaluation | — | — | Ignored |
libsynthesis | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Vulnerable | Fixed | Fixed | Fixed | Fixed |
mame | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
opencollada | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
paraview | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
poco | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
python3.10 | Not in release | Not affected | Not in release | Not in release | Not in release |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Not affected |
python3.6 | Not in release | Not in release | Not in release | Not affected | Not in release |
python3.7 | Not in release | Not in release | Not in release | Not affected | Not in release |
python3.8 | Not in release | Not in release | Not affected | Not affected | Not in release |
python3.9 | Not in release | Not in release | Not affected | Not in release | Not in release |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
sitecopy | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
smart | Not in release | Not in release | Not in release | Not affected | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | Ignored | Ignored |
tla | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
visp | Needs evaluation | Needs evaluation | — | Needs evaluation | Needs evaluation |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
vtk | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc | — | — | — | — | Ignored |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xsd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2019-15903
Medium prioritySome fixes available 48 of 168
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a...
32 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
audacity | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
cableswig | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
chromium-browser | Fixed | Fixed | Fixed | Fixed | Fixed |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
expat | Not affected | Not affected | Not affected | Fixed | Fixed |
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected | Needs evaluation |
kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
libxmltok | Vulnerable | Fixed | Fixed | Fixed | Fixed |
matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
poco | Not affected | Not affected | Not affected | Not affected | Not affected |
simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
smart | Not in release | Not in release | Not in release | Not affected | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
vnc4 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
vtk | Not in release | Not in release | Not in release | Not in release | Fixed |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2018-20843
Low prioritySome fixes available 21 of 108
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable...
32 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
audacity | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
cableswig | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
expat | Fixed | Fixed | Fixed | Fixed | Fixed |
firefox | Not affected | Not affected | Not affected | Not affected | Not affected |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected | Vulnerable |
kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
libxmltok | Vulnerable | Fixed | Fixed | Fixed | Fixed |
matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
poco | Not affected | Not affected | Not affected | Not affected | Not affected |
simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Not affected | Not affected | Not affected | Not affected |
smart | Not in release | Not in release | Not in release | Not affected | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Not affected | Not affected | Not affected | Not affected | Not affected |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
vtk | Not in release | Not in release | Not in release | Not in release | Fixed |
wbxml2 | Not affected | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2017-1000472
Medium prioritySome fixes available 2 of 4
The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks...
1 affected packages
poco
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
poco | — | — | — | Not affected | Fixed |
CVE-2017-9233
Medium prioritySome fixes available 7 of 94
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
33 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
audacity | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release | Not affected |
cableswig | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
cadaver | Not affected | Not affected | Not affected | Not affected | Not affected |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation | Fixed |
expat | Not affected | Not affected | Not affected | Not affected | Fixed |
firefox | Not affected | Not affected | Not affected | Not affected | Not affected |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release | Not affected |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected | Vulnerable |
kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
libxmltok | Not affected | Not affected | Not affected | Not affected | Not affected |
matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
poco | Not affected | Not affected | Not affected | Not affected | Not affected |
simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Not affected | Not affected | Not affected | Not affected |
smart | Not in release | Not in release | Not in release | Not affected | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Not affected | Not affected | Not affected | Not affected | Not affected |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | Not affected | Not affected |
tla | Not affected | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Ignored | Ignored |
vtk | Not in release | Not in release | Not in release | Not in release | Not affected |
wbxml2 | Not affected | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2016-5300
Medium prioritySome fixes available 5 of 96
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this...
31 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
audacity | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release | Not affected |
cableswig | Not in release | Not in release | Not in release | Not in release | Not affected |
cadaver | Not affected | Not affected | Not affected | Not affected | Not affected |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Not affected | Not affected |
expat | Not affected | Not affected | Not affected | Not affected | Fixed |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release | Not affected |
kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
libxmltok | Not affected | Not affected | Not affected | Not affected | Not affected |
matanza | Not affected | Not affected | Not affected | Not affected | Not affected |
poco | Not affected | Not affected | Not affected | Not affected | Not affected |
simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Not affected | Not affected | Not affected | Not affected |
smart | Not in release | Not in release | Not in release | Not affected | Not affected |
swish-e | Not affected | Not affected | Not affected | Not affected | Not affected |
tdom | Not affected | Not affected | Not affected | Not affected | Not affected |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
tla | Not affected | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Ignored | Ignored |
vtk | Not in release | Not in release | Not in release | Not in release | Not affected |
wbxml2 | Not affected | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
xotcl | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2016-4472
Medium prioritySome fixes available 5 of 161
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this...
26 affected packages
audacity, ayttm, cableswig, cadaver, coin3...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
audacity | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release | Vulnerable |
cableswig | Not in release | Not in release | Not in release | Not in release | Vulnerable |
cadaver | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
coin3 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
expat | Not affected | Not affected | Not affected | Not affected | Not affected |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release | Vulnerable |
kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
libxmltok | Vulnerable | Fixed | Fixed | Fixed | Fixed |
matanza | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
poco | Not affected | Not affected | Not affected | Not affected | Not affected |
simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Not affected | Not affected | Not affected | Not affected |
smart | Not in release | Not in release | Not in release | Not affected | Not affected |
swish-e | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
tdom | Not affected | Not affected | Not affected | Not affected | Not affected |
tla | Not affected | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Ignored | Ignored |
vtk | Not in release | Not in release | Not in release | Not in release | Not affected |
wbxml2 | Not affected | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
xotcl | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2016-0718
Medium prioritySome fixes available 28 of 184
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
28 affected packages
audacity, ayttm, cableswig, cadaver, coin3...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
audacity | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release | Vulnerable |
cableswig | Not in release | Not in release | Not in release | Not in release | Vulnerable |
cadaver | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
coin3 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
expat | Fixed | Fixed | Fixed | Fixed | Fixed |
firefox | Not affected | Not affected | Not affected | Not affected | Fixed |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release | Vulnerable |
kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
libxmltok | Vulnerable | Fixed | Fixed | Fixed | Fixed |
matanza | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
poco | Not affected | Not affected | Not affected | Not affected | Not affected |
simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Not affected | Not affected | Not affected | Not affected |
smart | Not in release | Not in release | Not in release | Not affected | Not affected |
swish-e | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
tdom | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | Not affected | Not affected |
tla | Not affected | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Ignored | Ignored |
vtk | Not in release | Not in release | Not in release | Not in release | Not affected |
wbxml2 | Not affected | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
xotcl | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2015-1283
Medium prioritySome fixes available 37 of 233
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or...
33 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
audacity | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release | Vulnerable |
cableswig | Not in release | Not in release | Not in release | Not in release | Vulnerable |
cadaver | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
chromium-browser | Fixed | Fixed | Fixed | Fixed | Fixed |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
expat | Not affected | Not affected | Not affected | Not affected | Not affected |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release | Vulnerable |
kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
libxmltok | Vulnerable | Fixed | Fixed | Fixed | Fixed |
matanza | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
oxide-qt | Not in release | Not in release | Not in release | Not in release | Fixed |
poco | Not affected | Not affected | Not affected | Not affected | Not affected |
simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Not affected | Not affected | Not affected | Not affected |
smart | Not in release | Not in release | Not in release | Not affected | Not affected |
swish-e | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
tdom | Not affected | Not affected | Not affected | Not affected | Not affected |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
tla | Not affected | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Vulnerable | Fixed |
vtk | Not in release | Not in release | Not in release | Not in release | Not affected |
wbxml2 | Not affected | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
xotcl | Not affected | Not affected | Not affected | Not affected | Not affected |