VulnerableCode Package Details - pkg:deb/ubuntu/tla@1.3.5%2Bdfsg-4

Search for packages

Vulnerability	Summary	Fixed by
VCID-12vz-x2ff-aaam Aliases: CVE-2016-5300	The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.	1.3.5+dfsg-15 Affected by 0 other vulnerabilities.
VCID-58hc-uzqc-aaas Aliases: CVE-2012-1148	Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.	1.3.5+dfsg-15 Affected by 0 other vulnerabilities.
VCID-b1ss-y8wt-aaac Aliases: CVE-2016-4472	The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.	1.3.5+dfsg-15 Affected by 0 other vulnerabilities.
VCID-c3kj-7drz-aaas Aliases: CVE-2016-0718	Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.	1.3.5+dfsg-15 Affected by 0 other vulnerabilities.
VCID-fekk-wkwz-aaae Aliases: CVE-2012-6702	Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.	1.3.5+dfsg-15 Affected by 0 other vulnerabilities.
VCID-gx4q-9nac-aaab Aliases: CVE-2012-0876	The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.	1.3.5+dfsg-15 Affected by 0 other vulnerabilities.
VCID-zx7x-yup4-aaab Aliases: CVE-2012-1147	readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.	1.3.5+dfsg-15 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-12vz-x2ff-aaam
Aliases:
CVE-2016-5300

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.