USN-7307-1: xmltok library vulnerability

🗓️ 26 Feb 2025 22:33:09Reported by UbuntuType

ubuntu

ubuntu🔗 ubuntu.com👁 14 Views

Vulnerability in xmltok library allows denial of service via crafted XML files on Ubuntu systems.

Reporter	Title	Published	Views	Family All 126
IBM Security Bulletins	Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple expat vulnerabilities	18 Jun 201801:32	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in cracklib, dhcp, expat, libgcrypt and lighttpd affect IBM Flex System Chassis Management Module (CMM)	31 Jan 201902:25	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Open Source Expact affect Tivoli Network Manager IP Edition	17 Jun 201815:34	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Denial of Service vulnerabilities with Expat may affect IBM HTTP Server	8 Sep 202200:09	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Denial of Service vulnerabilities with Expat might affect IBM HTTP Server used with IBM Security Network Protection	16 Jun 201821:45	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Expat XML Parser vulnerabilities in Prospect	17 Jun 201815:27	–	ibm
IBM Security Bulletins	WebSphere Application Server and IBM HTTP Server Security Bulletin List	13 Jul 202218:04	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM HTTP Server that is shipped with IBM Rational ClearQuest (CVE-2012-0876, CVE-2012-1148, CVE-2016-4472, CVE-2016-0718)	4 Feb 202016:40	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix	15 Jun 201807:06	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities in Expat affect IBM Netezza Analytics	18 Oct 201903:10	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	18.04	any	libxmltok1	1.2-4ubuntu0.18.04.1~esm5	libxmltok1_1.2-4ubuntu0.18.04.1~esm5_any.deb
Ubuntu	20.04	any	libxmltok1	1.2-4ubuntu0.20.04.1~esm5	libxmltok1_1.2-4ubuntu0.20.04.1~esm5_any.deb
Ubuntu	22.04	any	libxmltok1	1.2-4ubuntu0.22.04.1~esm5	libxmltok1_1.2-4ubuntu0.22.04.1~esm5_any.deb
Ubuntu	24.04	any	libxmltok1-dev	1.2-4.1ubuntu2.24.0.4.1+esm3	libxmltok1-dev_1.2-4.1ubuntu2.24.0.4.1+esm3_any.deb
Ubuntu	24.10	any	libxmltok1-dev	1.2-4.1ubuntu3.2	libxmltok1-dev_1.2-4.1ubuntu3.2_any.deb
Ubuntu	18.04	any	libxmltok1-dev	1.2-4ubuntu0.18.04.1~esm5	libxmltok1-dev_1.2-4ubuntu0.18.04.1~esm5_any.deb
Ubuntu	20.04	any	libxmltok1-dev	1.2-4ubuntu0.20.04.1~esm5	libxmltok1-dev_1.2-4ubuntu0.20.04.1~esm5_any.deb
Ubuntu	22.04	any	libxmltok1-dev	1.2-4ubuntu0.22.04.1~esm5	libxmltok1-dev_1.2-4ubuntu0.22.04.1~esm5_any.deb
Ubuntu	24.04	any	libxmltok1t64	1.2-4.1ubuntu2.24.0.4.1+esm3	libxmltok1t64_1.2-4.1ubuntu2.24.0.4.1+esm3_any.deb

26 Feb 2025 22:33Current

6.8Medium risk

Vulners AI Score6.8

CVSS 25

EPSS0.00973

xmltok library denial of service memory reallocation ubuntu releases expat vulnerability