VulnerableCode Package Details - pkg:deb/debian/apr-util@1.3.7%2Bdfsg-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3kyb-4yvt-f7e1	A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language (XML) parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine.	CVE-2009-1955
VCID-7ftk-sajb-akh4	A heap-based underwrite flaw was found in the way the bundled copy of the APR-util library created compiled forms of particular search patterns. An attacker could formulate a specially-crafted search keyword, that would overwrite arbitrary heap memory locations when processed by the pattern preparation engine.	CVE-2009-0023
VCID-pj4f-awuq-73g6	An off-by-one overflow flaw was found in the way the bundled copy of the APR-util library processed a variable list of arguments. An attacker could provide a specially-crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive information or a denial of service.	CVE-2009-1956

Vulnerability

Summary

Aliases

VCID-3kyb-4yvt-f7e1

A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language (XML) parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine.

CVE-2009-1955

VCID-7ftk-sajb-akh4

A heap-based underwrite flaw was found in the way the bundled copy of the APR-util library created compiled forms of particular search patterns. An attacker could formulate a specially-crafted search keyword, that would overwrite arbitrary heap memory locations when processed by the pattern preparation engine.

CVE-2009-0023

VCID-pj4f-awuq-73g6

An off-by-one overflow flaw was found in the way the bundled copy of the APR-util library processed a variable list of arguments. An attacker could provide a specially-crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive information or a denial of service.

CVE-2009-1956

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:51:41.412100+00:00	Debian Importer	Fixing	VCID-3kyb-4yvt-f7e1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:45:54.002654+00:00	Debian Importer	Fixing	VCID-pj4f-awuq-73g6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:28:56.904311+00:00	Debian Importer	Fixing	VCID-7ftk-sajb-akh4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:49:39.546470+00:00	Debian Importer	Fixing	VCID-3kyb-4yvt-f7e1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:16:53.364726+00:00	Debian Importer	Fixing	VCID-pj4f-awuq-73g6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:19:22.309685+00:00	Debian Importer	Fixing	VCID-7ftk-sajb-akh4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:16:20.946633+00:00	Debian Importer	Fixing	VCID-3kyb-4yvt-f7e1	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:09:22.294021+00:00	Debian Importer	Fixing	VCID-pj4f-awuq-73g6	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:05:00.274902+00:00	Debian Importer	Fixing	VCID-7ftk-sajb-akh4	https://security-tracker.debian.org/tracker/data/json	38.1.0