Search for packages
Package details: pkg:deb/debian/apr-util@1.2.7%2Bdfsg-2
purl pkg:deb/debian/apr-util@1.2.7%2Bdfsg-2
Next non-vulnerable version 1.6.1-5+deb11u1
Latest non-vulnerable version 1.6.1-5+deb11u1
Risk 9.6
Vulnerabilities affecting this package (7)
Vulnerability Summary Fixed by
VCID-2h74-w9ra-wbf7
Aliases:
CVE-2009-2412
A flaw in apr_palloc() in the bundled copy of APR could cause heap overflows in programs that try to apr_palloc() a user controlled size. The Apache HTTP Server itself does not pass unsanitized user-provided sizes to this function, so it could only be triggered through some other application which uses apr_palloc() in a vulnerable way.
1.3.9+dfsg-5
Affected by 2 other vulnerabilities.
VCID-bay7-x8bk-dqf6
Aliases:
CVE-2009-1956
An off-by-one overflow flaw was found in the way the bundled copy of the APR-util library processed a variable list of arguments. An attacker could provide a specially-crafted string as input for the formatted output conversion routine, which could, on big-endian platforms, potentially lead to the disclosure of sensitive information or a denial of service.
1.3.9+dfsg-5
Affected by 2 other vulnerabilities.
VCID-cqpz-3xpm-4fhz
Aliases:
CVE-2009-0023
A heap-based underwrite flaw was found in the way the bundled copy of the APR-util library created compiled forms of particular search patterns. An attacker could formulate a specially-crafted search keyword, that would overwrite arbitrary heap memory locations when processed by the pattern preparation engine.
1.3.9+dfsg-5
Affected by 2 other vulnerabilities.
VCID-cqrd-ejej-uqe9
Aliases:
CVE-2010-1623
A flaw was found in the apr_brigade_split_line() function of the bundled APR-util library, used to process non-SSL requests. A remote attacker could send requests, carefully crafting the timing of individual bytes, which would slowly consume memory, potentially leading to a denial of service.
1.3.9+dfsg-5
Affected by 2 other vulnerabilities.
VCID-exfa-m9xw-wkap
Aliases:
CVE-2009-1955
A denial of service flaw was found in the bundled copy of the APR-util library Extensible Markup Language (XML) parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine.
1.3.9+dfsg-5
Affected by 2 other vulnerabilities.
VCID-n6j7-vjgu-d7a7
Aliases:
CVE-2022-25147
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.
1.6.1-5+deb11u1
Affected by 0 other vulnerabilities.
VCID-wq29-zfsd-4fbp
Aliases:
CVE-2017-12618
1.6.1-4
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-01T17:40:57.405339+00:00 Debian Oval Importer Affected by VCID-cqpz-3xpm-4fhz https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T15:39:12.958941+00:00 Debian Oval Importer Affected by VCID-bay7-x8bk-dqf6 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T14:49:59.282578+00:00 Debian Oval Importer Affected by VCID-n6j7-vjgu-d7a7 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T13:58:27.121217+00:00 Debian Oval Importer Affected by VCID-2h74-w9ra-wbf7 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T13:19:38.402878+00:00 Debian Oval Importer Affected by VCID-cqrd-ejej-uqe9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T12:47:16.005678+00:00 Debian Oval Importer Affected by VCID-exfa-m9xw-wkap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T12:22:53.880011+00:00 Debian Oval Importer Affected by VCID-wq29-zfsd-4fbp https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0