CVE-2019-9628

Published: 11/04/2019 Updated: 18/04/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

It was discovered that XMLTooling incorrectly handled certain XML files with invalid data. An attacker could use this issue to cause XMLTooling to crash, resulting in a denial of service.

Vulnerable Product

xmltooling project xmltooling

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

opensuse leap 15.0

opensuse leap 42.3

Vendor Advisories

Debian Bug report logs - #924346: xmltooling: CVE-2019-9628: XML parser class fails to trap exceptions on malformed XML declaration. Package: src:xmltooling; Maintainer for src:xmltooling is Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, ...
xmltooling could be made to crash if it opened a specially crafted file ...
Ross Geerlings discovered that the XMLTooling library didn't correctly handle exceptions on malformed XML declarations, which could result in denial of service against the application using XMLTooling. For the stable distribution (stretch), this problem has been fixed in version 1.6.0-4+deb9u2. We recommend that you upgrade your xmltooling packages ...