CVE-2019-9628

Publication date 12 March 2019

Last updated 25 August 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

7.5 · High

Score breakdown

Description

The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.

Status

Package Ubuntu Release Status
xmltooling 18.10 cosmic
Fixed 3.0.2-1ubuntu1.1
18.04 LTS bionic
Fixed 1.6.4-1ubuntu2.1
16.04 LTS xenial
Fixed 1.5.6-2ubuntu0.3
14.04 LTS trusty
Fixed 1.5.3-2+deb8u3ubuntu0.1

Severity score breakdown

CVSS version: CVSS v3.0

Base score 7.5 · High

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-3921-1
    • XMLTooling vulnerability
    • 26 March 2019

Other references

Access our resources on patching vulnerabilities