CVE-2022-25235

Priority
Description
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation
of encoding, such as checks for whether a UTF-8 character is valid in a
certain context.
References
Assigned-to
leosilva
Notes
sbeattieparaview uses system expat
xotcl uses system expat
poco uses system expat
gdcm uses system expat
audacity uses system expat
simgear uses system expat
coin3 uses system expat as of 4.0.0~CMake~6f54f1602475+ds1-1
sitecopy uses system expat since 1:0.16.0-1 (dapper!)
Package
Upstream:needs-triage
Ubuntu 18.04 LTS:not-affected (code-not-compiled)
Ubuntu 20.04 LTS:not-affected (code-not-compiled)
Ubuntu 21.10:not-affected (code-not-compiled)
Ubuntu 16.04 ESM:not-affected (code-not-compiled)
Ubuntu 22.04 LTS:not-affected (code-not-compiled)
Ubuntu 14.04 ESM:not-affected (code-not-compiled)
Patches:
Package
Upstream:needs-triage
Ubuntu 18.04 LTS:not-affected (code-not-compiled)
Ubuntu 20.04 LTS:not-affected (code-not-compiled)
Ubuntu 21.10:not-affected (code-not-compiled)
Ubuntu 16.04 ESM:not-affected (code-not-compiled)
Ubuntu 22.04 LTS:not-affected (code-not-compiled)
Ubuntu 14.04 ESM:not-affected (code-not-compiled)
Patches:
Package
Source: ayttm (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 18.04 LTS:DNE
Ubuntu 20.04 LTS:DNE
Ubuntu 21.10:DNE
Ubuntu 22.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:needs-triage
Ubuntu 18.04 LTS:DNE
Ubuntu 20.04 LTS:DNE
Ubuntu 21.10:DNE
Ubuntu 22.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:needs-triage
Ubuntu 18.04 LTS:needs-triage
Ubuntu 20.04 LTS:needs-triage
Ubuntu 21.10:needs-triage
Ubuntu 22.04 LTS:needs-triage
Ubuntu 14.04 ESM:DNE
Patches:
Package
Source: cmake (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 18.04 LTS:not-affected (code-not-compiled)
Ubuntu 20.04 LTS:not-affected (code-not-compiled)
Ubuntu 21.10:not-affected (code-not-compiled)
Ubuntu 16.04 ESM:not-affected (code-not-compiled)
Ubuntu 22.04 LTS:not-affected (code-not-compiled)
Ubuntu 14.04 ESM:DNE
Patches:
Package
Source: coin3 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 18.04 LTS:needs-triage
Ubuntu 20.04 LTS:not-affected (uses system expat)
Ubuntu 21.10:not-affected (uses system expat)
Ubuntu 22.04 LTS:not-affected (uses system expat)
Ubuntu 14.04 ESM:needs-triage
Patches:
Package
Source: expat (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 18.04 LTS:released (2.2.5-3ubuntu0.4)
Ubuntu 20.04 LTS:released (2.2.9-1ubuntu0.2)
Ubuntu 21.10:released (2.4.1-2ubuntu0.1)
Ubuntu 16.04 ESM:released (2.1.0-7ubuntu0.16.04.5+esm2)
Ubuntu 22.04 LTS:released (2.4.5-2)
Ubuntu 14.04 ESM:released (2.1.0-4ubuntu1.4+esm4)
Patches:
Package
Priority: Low
Upstream:needs-triage
Ubuntu 18.04 LTS:needed
Ubuntu 20.04 LTS:needed
Ubuntu 21.10:needed
Ubuntu 16.04 ESM:needed
Ubuntu 22.04 LTS:released (1:1snap1-0ubuntu1)
Ubuntu 14.04 ESM:DNE
Patches:
Package
Source: gdcm (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 18.04 LTS:not-affected (uses system expat)
Ubuntu 20.04 LTS:not-affected (uses system expat)
Ubuntu 21.10:not-affected (uses system expat)
Ubuntu 22.04 LTS:not-affected (uses system expat)
Ubuntu 14.04 ESM:not-affected (uses system expat)
Patches:
Package
Upstream:needs-triage
Ubuntu 18.04 LTS:not-affected (code-not-compiled)
Ubuntu 20.04 LTS:not-affected (code-not-compiled)
Ubuntu 21.10:not-affected (code-not-compiled)
Ubuntu 16.04 ESM:not-affected (code-not-compiled)
Ubuntu 22.04 LTS:not-affected (code-not-compiled)
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:needs-triage
Ubuntu 18.04 LTS:DNE
Ubuntu 20.04 LTS:DNE
Ubuntu 21.10:DNE
Ubuntu 22.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:needs-triage
Ubuntu 18.04 LTS:needs-triage
Ubuntu 20.04 LTS:needs-triage
Ubuntu 21.10:needs-triage
Ubuntu 22.04 LTS:needs-triage
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:needs-triage
Ubuntu 18.04 LTS:needed
Ubuntu 20.04 LTS:needed
Ubuntu 21.10:needed
Ubuntu 22.04 LTS:needed
Patches:
Package
Upstream:needs-triage
Ubuntu 18.04 LTS:needs-triage
Ubuntu 20.04 LTS:needs-triage
Ubuntu 21.10:needs-triage
Ubuntu 22.04 LTS:needs-triage
Ubuntu 14.04 ESM:DNE
Patches:
Package
Source: smart (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 18.04 LTS:not-affected (code-not-compiled)
Ubuntu 20.04 LTS:DNE
Ubuntu 21.10:DNE
Ubuntu 22.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:needs-triage
Ubuntu 18.04 LTS:needs-triage
Ubuntu 20.04 LTS:needs-triage
Ubuntu 21.10:needs-triage
Ubuntu 22.04 LTS:needs-triage
Ubuntu 14.04 ESM:DNE
Patches:
Package
Source: tdom (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 18.04 LTS:needs-triage
Ubuntu 20.04 LTS:needs-triage
Ubuntu 21.10:needs-triage
Ubuntu 22.04 LTS:needs-triage
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:needs-triage
Ubuntu 18.04 LTS:not-affected (code-not-compiled)
Ubuntu 20.04 LTS:not-affected (code-not-compiled)
Ubuntu 21.10:not-affected (code-not-compiled)
Ubuntu 16.04 ESM:not-affected (code-not-compiled)
Ubuntu 22.04 LTS:not-affected (code-not-compiled)
Ubuntu 14.04 ESM:DNE
Patches:
Package
Priority: Low
Upstream:needs-triage
Ubuntu 18.04 LTS:needed
Ubuntu 20.04 LTS:needed
Ubuntu 21.10:needed
Ubuntu 16.04 ESM:needed
Ubuntu 22.04 LTS:needs-triage
Ubuntu 14.04 ESM:DNE
Patches:
Package
Source: vnc4 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 18.04 LTS:needs-triage
Ubuntu 20.04 LTS:DNE
Ubuntu 21.10:DNE
Ubuntu 22.04 LTS:DNE
Ubuntu 14.04 ESM:needs-triage
Patches:
Package
Source: vtk (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 18.04 LTS:DNE
Ubuntu 20.04 LTS:DNE
Ubuntu 21.10:DNE
Ubuntu 22.04 LTS:DNE
Ubuntu 14.04 ESM:needs-triage
Patches:
Package
Upstream:needs-triage
Ubuntu 18.04 LTS:needs-triage
Ubuntu 20.04 LTS:needs-triage
Ubuntu 21.10:needs-triage
Ubuntu 22.04 LTS:needs-triage
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:needs-triage
Ubuntu 18.04 LTS:needs-triage
Ubuntu 20.04 LTS:needs-triage
Ubuntu 21.10:needs-triage
Ubuntu 22.04 LTS:needs-triage
Ubuntu 14.04 ESM:needs-triage
Patches:
More Information

Updated: 2022-06-10 13:59:18 UTC (commit 22cd97abab61e5eccab4070a258ab5d6a94b972b)