CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
96.2%
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | audacity | < 1.3.2-1 | audacity_1.3.2-1_all.deb |
Debian | 11 | all | audacity | < 1.3.2-1 | audacity_1.3.2-1_all.deb |
Debian | 999 | all | audacity | < 1.3.2-1 | audacity_1.3.2-1_all.deb |
Debian | 13 | all | audacity | < 1.3.2-1 | audacity_1.3.2-1_all.deb |
Debian | 12 | all | cadaver | <= 0.24+dfsg-1 | cadaver_0.24+dfsg-1_all.deb |
Debian | 11 | all | cadaver | <= 0.23.3-2.1 | cadaver_0.23.3-2.1_all.deb |
Debian | 999 | all | cadaver | <= 0.24+dfsg-4 | cadaver_0.24+dfsg-4_all.deb |
Debian | 13 | all | cadaver | <= 0.24+dfsg-4 | cadaver_0.24+dfsg-4_all.deb |
Debian | 12 | all | cmake | < 2.6.0-6 | cmake_2.6.0-6_all.deb |
Debian | 11 | all | cmake | < 2.6.0-6 | cmake_2.6.0-6_all.deb |