Shang-Hung Wan discovered that Expat, contained within the xmltok library, did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2024-45490)
Shang-Hung Wan discovered that Expat, contained within the xmltok library, did not properly handle the potential for an integer overflow on 32-bit platforms. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2024-45491)
{ "binaries": [ { "binary_name": "libxmltok1", "binary_version": "1.2-3ubuntu0.16.04.1~esm4" }, { "binary_name": "libxmltok1-dbgsym", "binary_version": "1.2-3ubuntu0.16.04.1~esm4" }, { "binary_name": "libxmltok1-dev", "binary_version": "1.2-3ubuntu0.16.04.1~esm4" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro" }
{ "binaries": [ { "binary_name": "libxmltok1", "binary_version": "1.2-4ubuntu0.18.04.1~esm3" }, { "binary_name": "libxmltok1-dbgsym", "binary_version": "1.2-4ubuntu0.18.04.1~esm3" }, { "binary_name": "libxmltok1-dev", "binary_version": "1.2-4ubuntu0.18.04.1~esm3" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro" }
{ "binaries": [ { "binary_name": "libxmltok1", "binary_version": "1.2-4ubuntu0.20.04.1~esm3" }, { "binary_name": "libxmltok1-dbgsym", "binary_version": "1.2-4ubuntu0.20.04.1~esm3" }, { "binary_name": "libxmltok1-dev", "binary_version": "1.2-4ubuntu0.20.04.1~esm3" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro" }
{ "binaries": [ { "binary_name": "libxmltok1", "binary_version": "1.2-4ubuntu0.22.04.1~esm3" }, { "binary_name": "libxmltok1-dbgsym", "binary_version": "1.2-4ubuntu0.22.04.1~esm3" }, { "binary_name": "libxmltok1-dev", "binary_version": "1.2-4ubuntu0.22.04.1~esm3" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro" }