Search for packages
Package details: pkg:deb/ubuntu/expat@2.1.0-4ubuntu1.1
purl pkg:deb/ubuntu/expat@2.1.0-4ubuntu1.1
Next non-vulnerable version 2.2.7-2
Latest non-vulnerable version 2.2.7-2
Risk 4.5
Vulnerabilities affecting this package (8)
Vulnerability Summary Fixed by
VCID-12vz-x2ff-aaam
Aliases:
CVE-2016-5300
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.
2.2.0-1
Affected by 3 other vulnerabilities.
VCID-4bzd-xbmz-aaaj
Aliases:
CVE-2018-20843
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
2.2.6-2
Affected by 1 other vulnerability.
VCID-a9gp-eezn-aaaf
Aliases:
CVE-2015-1283
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.
2.1.0-7
Affected by 7 other vulnerabilities.
VCID-b1ss-y8wt-aaac
Aliases:
CVE-2016-4472
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
2.1.1-1ubuntu1
Affected by 5 other vulnerabilities.
VCID-c3kj-7drz-aaas
Aliases:
CVE-2016-0718
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
2.1.1-1ubuntu1
Affected by 5 other vulnerabilities.
VCID-fekk-wkwz-aaae
Aliases:
CVE-2012-6702
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
2.2.0-1
Affected by 3 other vulnerabilities.
VCID-gnd3-sds3-aaam
Aliases:
CVE-2017-9233
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
2.2.1-2
Affected by 2 other vulnerabilities.
VCID-jnbc-rb8g-aaaq
Aliases:
CVE-2019-15903
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
2.2.7-2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version