Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

XML-RPC Expat Crashes or Code Execution

USN-8313-1
Summary

The XML-RPC component in certain systems contains a flaw in the way it handles certain files. This could allow an attacker to intentionally make the system crash or run malicious code. It's essential to update or patch the affected systems to prevent potential issues.

What to do
  • Update canonical xmlrpc-c to version 1.33.06-0ubuntu1+esm1.
  • Update canonical xmlrpc-c to version 1.33.14-1ubuntu1+esm1.
  • Update canonical xmlrpc-c to version 1.33.14-8ubuntu0.18.04.1~esm1.
  • Update canonical xmlrpc-c to version 1.33.14-8ubuntu0.20.04.1~esm1.
  • Update canonical xmlrpc-c to version 1.33.14-10ubuntu0.1~esm1.
  • Update canonical xmlrpc-c to version 1.33.14-12ubuntu0.1~esm1.
Affected software
Ecosystem VendorProductAffected versions
Ubuntu:Pro:14.04:LTS canonical xmlrpc-c < 1.33.06-0ubuntu1+esm1
Fix: upgrade to 1.33.06-0ubuntu1+esm1
Ubuntu:Pro:16.04:LTS canonical xmlrpc-c < 1.33.14-1ubuntu1+esm1
Fix: upgrade to 1.33.14-1ubuntu1+esm1
Ubuntu:Pro:18.04:LTS canonical xmlrpc-c < 1.33.14-8ubuntu0.18.04.1~esm1
Fix: upgrade to 1.33.14-8ubuntu0.18.04.1~esm1
Ubuntu:Pro:20.04:LTS canonical xmlrpc-c < 1.33.14-8ubuntu0.20.04.1~esm1
Fix: upgrade to 1.33.14-8ubuntu0.20.04.1~esm1
Ubuntu:Pro:22.04:LTS canonical xmlrpc-c < 1.33.14-10ubuntu0.1~esm1
Fix: upgrade to 1.33.14-10ubuntu0.1~esm1
Ubuntu:Pro:24.04:LTS canonical xmlrpc-c < 1.33.14-12ubuntu0.1~esm1
Fix: upgrade to 1.33.14-12ubuntu0.1~esm1
Original title
xmlrpc-c vulnerabilities
Original description
It was discovered that Expat, vendored in XML-RPC, incorrectly handled
certain files. An attacker could possibly use this issue to cause a crash
or execute arbitrary code.
Published: 27 May 2026 · Updated: 27 May 2026 · First seen: 27 May 2026