CVE-2019-15903

Опубликовано: 04 сент. 2019

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 5

CVSS3: 7.5

Описание

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

Релиз	Статус	Примечание
bionic	not-affected	code-not-compiled
devel	not-affected	code-not-compiled
disco	not-affected	code-not-compiled
eoan	not-affected	code-not-compiled
esm-infra-legacy/trusty	not-affected	code-not-compiled
esm-infra/bionic	not-affected	code-not-compiled
esm-infra/focal	not-affected	code-not-compiled
esm-infra/xenial	not-affected	code-not-compiled
focal	not-affected	code-not-compiled
groovy	not-affected	code-not-compiled

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	code-not-compiled
devel	not-affected	code-not-compiled
disco	not-affected	code-not-compiled
eoan	not-affected	code-not-compiled
esm-infra-legacy/trusty	not-affected	code-not-compiled
esm-infra/bionic	not-affected	code-not-compiled
esm-infra/focal	not-affected	code-not-compiled
esm-infra/xenial	not-affected	code-not-compiled
focal	not-affected	code-not-compiled
groovy	not-affected	code-not-compiled

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	uses system expat
devel	not-affected	uses system expat
disco	not-affected	uses system expat
eoan	not-affected	uses system expat
esm-apps/bionic	not-affected	uses system expat
esm-apps/focal	not-affected	uses system expat
esm-apps/jammy	not-affected	uses system expat
esm-apps/noble	not-affected	uses system expat
esm-apps/xenial	not-affected	uses system expat
esm-infra-legacy/trusty	DNE

Показывать по

Релиз	Статус	Примечание
bionic	DNE
devel	DNE
disco	DNE
eoan	DNE
esm-apps/xenial	needs-triage
esm-infra-legacy/trusty	DNE
esm-infra/focal	DNE
focal	DNE
groovy	DNE
hirsute	DNE

Показывать по

Релиз	Статус	Примечание
bionic	DNE
devel	DNE
disco	DNE
eoan	DNE
esm-apps/xenial	needs-triage
esm-infra-legacy/trusty	DNE
esm-infra/focal	DNE
focal	DNE
groovy	DNE
hirsute	DNE

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	needs-triage
disco	ignored	end of life
eoan	ignored	end of life
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
esm-apps/xenial	needs-triage
esm-infra-legacy/trusty	DNE

Показывать по

Релиз	Статус	Примечание
bionic	released	78.0.3904.70-0ubuntu0.18.04.2
devel	released	78.0.3904.70-0ubuntu1
disco	released	78.0.3904.70-0ubuntu0.19.04.4
eoan	released	79.0.3945.79-0ubuntu0.19.10.2
esm-apps/noble	released	78.0.3904.70-0ubuntu1
esm-infra-legacy/trusty	DNE
esm-infra/focal	DNE	focal was released [78.0.3904.70-0ubuntu1]
focal	released	78.0.3904.70-0ubuntu1
groovy	released	78.0.3904.70-0ubuntu1
hirsute	released	78.0.3904.70-0ubuntu1

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	code-not-compiled
devel	not-affected	code-not-compiled
disco	not-affected	code-not-compiled
eoan	not-affected	code-not-compiled
esm-infra-legacy/trusty	DNE
esm-infra/bionic	not-affected	code-not-compiled
esm-infra/focal	not-affected	code-not-compiled
esm-infra/xenial	not-affected	code-not-compiled
focal	not-affected	code-not-compiled
groovy	not-affected	code-not-compiled

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needed
devel	not-affected	uses system expat
disco	ignored	end of life
eoan	ignored	end of life
esm-apps/bionic	needed
esm-apps/focal	not-affected	uses system expat
esm-apps/jammy	not-affected	uses system expat
esm-apps/noble	not-affected	uses system expat
esm-apps/xenial	needed
esm-infra-legacy/trusty	needed

Показывать по

Релиз	Статус	Примечание
bionic	released	2.2.5-3ubuntu0.2
devel	not-affected	2.2.7-2
disco	released	2.2.6-1ubuntu0.19.5
eoan	not-affected	2.2.7-2
esm-infra-legacy/trusty	released	2.1.0-4ubuntu1.4+esm2
esm-infra/bionic	released	2.2.5-3ubuntu0.2
esm-infra/focal	not-affected	2.2.7-2
esm-infra/xenial	released	2.1.0-7ubuntu0.16.04.5
focal	not-affected	2.2.7-2
groovy	not-affected	2.2.7-2

Показывать по

Релиз	Статус	Примечание
bionic	released	70.0+build2-0ubuntu0.18.04.1
devel	released	70.0+build2-0ubuntu1
disco	released	70.0+build2-0ubuntu0.19.04.1
eoan	released	70.0+build2-0ubuntu0.19.10.1
esm-infra-legacy/trusty	DNE
esm-infra/focal	DNE
focal	released	70.0+build2-0ubuntu1
groovy	released	70.0+build2-0ubuntu1
hirsute	released	70.0+build2-0ubuntu1
impish	released	70.0+build2-0ubuntu1

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	uses system expat
devel	not-affected	uses system expat
disco	not-affected	uses system expat
eoan	not-affected	uses system expat
esm-apps/bionic	not-affected	uses system expat
esm-apps/focal	not-affected	uses system expat
esm-apps/jammy	not-affected	uses system expat
esm-apps/noble	not-affected	uses system expat
esm-apps/xenial	not-affected	uses system expat
esm-infra-legacy/trusty	not-affected	uses system expat

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	code-not-compiled
devel	not-affected	code-not-compiled
disco	not-affected	code-not-compiled
eoan	not-affected	code-not-compiled
esm-infra-legacy/trusty	DNE
esm-infra/bionic	not-affected	code-not-compiled
esm-infra/focal	not-affected	code-not-compiled
esm-infra/xenial	not-affected	code-not-compiled
focal	not-affected	code-not-compiled
groovy	not-affected	code-not-compiled

Показывать по

Релиз	Статус	Примечание
bionic	DNE
devel	DNE
disco	DNE
eoan	DNE
esm-apps/xenial	needs-triage
esm-infra-legacy/trusty	DNE
esm-infra/focal	DNE
focal	DNE
groovy	DNE
hirsute	DNE

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	uses system expat
devel	DNE
disco	ignored	end of life
eoan	ignored	end of life
esm-apps/bionic	not-affected	uses system expat
esm-apps/focal	not-affected	uses system expat
esm-apps/jammy	not-affected	uses system expat
esm-apps/xenial	needs-triage
esm-infra-legacy/trusty	DNE
focal	not-affected	uses system expat

Показывать по

Релиз	Статус	Примечание
bionic	DNE
devel	DNE
disco	DNE
eoan	DNE
esm-infra-legacy/trusty	DNE
esm-infra/focal	DNE
focal	DNE
groovy	DNE
hirsute	DNE
impish	DNE

Показывать по

Релиз	Статус	Примечание
bionic	DNE
devel	DNE
disco	DNE
eoan	DNE
esm-infra-legacy/trusty	DNE
esm-infra/focal	DNE
focal	DNE
groovy	DNE
hirsute	DNE
impish	DNE

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needed
devel	DNE
esm-apps/bionic	released	1.2-4ubuntu0.18.04.1~esm4
esm-apps/focal	released	1.2-4ubuntu0.20.04.1~esm4
esm-apps/jammy	released	1.2-4ubuntu0.22.04.1~esm4
esm-apps/noble	released	1.2-4.1ubuntu2.24.0.4.1+esm2
esm-apps/xenial	released	1.2-3ubuntu0.16.04.1~esm2
focal	ignored	end of standard support, was needed
hirsute	ignored	end of life
impish	ignored	end of life

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	ignored
disco	ignored	end of life
eoan	ignored	end of life
esm-apps/bionic	ignored
esm-apps/focal	ignored
esm-apps/jammy	ignored
esm-apps/noble	ignored
esm-apps/xenial	ignored
esm-infra-legacy/trusty	DNE

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	uses system expat
devel	not-affected	uses system expat
disco	not-affected	uses system expat
eoan	not-affected	uses system expat
esm-apps/bionic	not-affected	uses system expat
esm-apps/focal	not-affected	uses system expat
esm-apps/jammy	not-affected	uses system expat
esm-apps/noble	not-affected	uses system expat
esm-apps/xenial	not-affected	uses system expat
esm-infra-legacy/trusty	not-affected	uses system expat

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	uses system expat
devel	not-affected	uses system expat
disco	not-affected	uses system expat
eoan	not-affected	uses system expat
esm-apps/bionic	not-affected	uses system expat
esm-apps/focal	not-affected	uses system expat
esm-apps/jammy	not-affected	uses system expat
esm-apps/noble	not-affected	uses system expat
esm-apps/xenial	not-affected	uses system expat
esm-infra-legacy/trusty	DNE

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	needs-triage
disco	ignored	end of life
eoan	ignored	end of life
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/xenial	needs-triage
esm-infra-legacy/trusty	DNE
focal	ignored	end of standard support, was needs-triage

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	code-not-compiled
devel	DNE
disco	not-affected	code-not-compiled
eoan	not-affected	code-not-compiled
esm-apps/bionic	not-affected	code-not-compiled
esm-apps/xenial	not-affected	code-not-compiled
esm-infra-legacy/trusty	DNE
esm-infra/focal	DNE
focal	DNE
groovy	DNE

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	needs-triage
disco	ignored	end of life
eoan	ignored	end of life
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
esm-apps/xenial	needs-triage
esm-infra-legacy/trusty	DNE

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	needs-triage
disco	ignored	end of life
eoan	ignored	end of life
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
esm-apps/xenial	needs-triage
esm-infra-legacy/trusty	DNE

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	code-not-compiled
devel	not-affected	code-not-compiled
disco	not-affected	code-not-compiled
eoan	not-affected	code-not-compiled
esm-infra-legacy/trusty	DNE
esm-infra/bionic	not-affected	code-not-compiled
esm-infra/focal	not-affected	code-not-compiled
esm-infra/xenial	not-affected	code-not-compiled
focal	not-affected	code-not-compiled
groovy	not-affected	code-not-compiled

Показывать по

Релиз	Статус	Примечание
bionic	released	1:68.2.1+build1-0ubuntu0.18.04.1
devel	released	1:68.2.0+build1.1-0ubuntu1
disco	ignored	end of life
eoan	released	1:68.2.1+build1-0ubuntu0.19.10.1
esm-infra-legacy/trusty	DNE
esm-infra/focal	DNE
focal	released	1:68.2.0+build1.1-0ubuntu1
groovy	released	1:68.2.0+build1.1-0ubuntu1
hirsute	released	1:68.2.0+build1.1-0ubuntu1
impish	released	1:68.2.0+build1.1-0ubuntu1

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needed
devel	DNE
disco	not-affected	code not present
eoan	not-affected	code not present
esm-apps/bionic	needed
esm-apps/xenial	needed
esm-infra-legacy/trusty	needed
esm-infra/focal	DNE
focal	DNE
groovy	DNE

Показывать по

Релиз	Статус	Примечание
bionic	DNE
devel	DNE
disco	DNE
eoan	DNE
esm-apps/xenial	released	5.10.1+dfsg-2.1ubuntu0.1~esm1
esm-infra-legacy/trusty	released	5.8.0-14.1ubuntu3+esm1
esm-infra/focal	DNE
focal	DNE
groovy	DNE
hirsute	DNE

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	needs-triage
disco	ignored	end of life
eoan	ignored	end of life
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
esm-apps/xenial	needs-triage
esm-infra-legacy/trusty	DNE

Показывать по

Релиз	Статус	Примечание
bionic	DNE
devel	DNE
disco	DNE
eoan	DNE
esm-infra-legacy/trusty	DNE
esm-infra/focal	DNE
focal	DNE
groovy	DNE
hirsute	DNE
impish	DNE

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needed
devel	needed
disco	ignored	end of life
eoan	ignored	end of life
esm-apps/bionic	needed
esm-apps/focal	needed
esm-apps/jammy	needed
esm-apps/noble	needed
esm-apps/xenial	needed
esm-infra-legacy/trusty	needed

Показывать по

Ссылки на источники

EPSS

Процентиль: 47%

0.00244

Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2019-15903

CVSS3: 7.5

redhat

около 6 лет назад

CVE-2019-15903

CVSS3: 7.5

nvd

около 6 лет назад

CVE-2019-15903

CVSS3: 7.5

msrc

почти 4 года назад

In libexpat before 2.2.8 crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

CVE-2019-15903

CVSS3: 7.5

debian

около 6 лет назад

In libexpat before 2.2.8, crafted XML input could fool the parser into ...

openSUSE-SU-2019:2205-1

suse-cvrf

около 6 лет назад

Security update for expat

EPSS

Процентиль: 47%

0.00244

Низкий

5 Medium

CVSS2

7.5 High

CVSS3

CVE-2019-15903

Описание

Пакет apache2

Пакет apr-util

Пакет audacity

Пакет ayttm

Пакет cableswig

Пакет cadaver

Пакет chromium-browser

Пакет cmake

Пакет coin3

Пакет expat

Пакет firefox

Пакет gdcm

Пакет ghostscript

Пакет insighttoolkit

Пакет insighttoolkit4

Пакет kompozer

Пакет libparagui1.1

Пакет libxmltok

Пакет matanza

Пакет poco

Пакет simgear

Пакет sitecopy

Пакет smart

Пакет swish-e

Пакет tdom

Пакет texlive-bin

Пакет thunderbird

Пакет vnc4

Пакет vtk

Пакет wbxml2

Пакет wxwidgets2.8

Пакет xmlrpc-c

Ссылки на источники

Связанные уязвимости