VulnerableCode Package Details - pkg:deb/ubuntu/expat@2.2.6-2

Search for packages

Package details: pkg:deb/ubuntu/expat@2.2.6-2

Essentials
History (0)

purl	pkg:deb/ubuntu/expat@2.2.6-2

Next non-vulnerable version	2.2.7-2
Latest non-vulnerable version	2.2.7-2
Risk	4.5

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-jnbc-rb8g-aaaq Aliases: CVE-2019-15903	In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.	2.2.7-2 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-4bzd-xbmz-aaaj	In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).	CVE-2018-20843

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version