VulnerableCode Package Details - pkg:deb/ubuntu/xmlrpc-c@1.06.27-1ubuntu3

Search for packages

Package details: pkg:deb/ubuntu/xmlrpc-c@1.06.27-1ubuntu3

Essentials
History (0)

purl	pkg:deb/ubuntu/xmlrpc-c@1.06.27-1ubuntu3

Next non-vulnerable version	1.16.33-3.1ubuntu6
Latest non-vulnerable version	1.16.33-3.1ubuntu6
Risk	4.0

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-58hc-uzqc-aaas Aliases: CVE-2012-1148	Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.	1.16.33-3.1ubuntu6 Affected by 0 other vulnerabilities.
VCID-8dyd-depr-aaam Aliases: CVE-2009-3560	The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.	1.06.27-1ubuntu7 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-c7e7-cdc7-aaam Aliases: CVE-2009-3720	The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.	1.06.27-1ubuntu7 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-gx4q-9nac-aaab Aliases: CVE-2012-0876	The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.	1.16.33-3.1ubuntu6 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version