CVE-2022-25236 · cross-distro fix matrix

CVE-2022-25236: It was discovered that Expat, vendored in ITK incorrectly handled certain

Affects 7 Linux releases across 50 (distro × package) combinations. First disclosed: 2026-05-07.

Fix per ecosystem

Each block below is a distro release where CVE-2022-25236 has a known fix. Run the listed command on that distro to remediate.

Ubuntu xenial

Source: Ubuntu USN

insighttoolkit→ fixed in3.20.1+git20120521-6ubuntu0.1~esm1USN-8235-1
```
sudo apt-get install --only-upgrade -y insighttoolkit
```
insighttoolkit3-examples→ fixed in3.20.1+git20120521-6ubuntu0.1~esm1USN-8235-1
```
sudo apt-get install --only-upgrade -y insighttoolkit3-examples
```
libinsighttoolkit3-dev→ fixed in3.20.1+git20120521-6ubuntu0.1~esm1USN-8235-1
```
sudo apt-get install --only-upgrade -y libinsighttoolkit3-dev
```
libinsighttoolkit3.20→ fixed in3.20.1+git20120521-6ubuntu0.1~esm1USN-8235-1
```
sudo apt-get install --only-upgrade -y libinsighttoolkit3.20
```
swish-e→ fixed in2.4.7-4ubuntu0.1~esm1USN-8240-1
```
sudo apt-get install --only-upgrade -y swish-e
```
swish-e-dev→ fixed in2.4.7-4ubuntu0.1~esm1USN-8240-1
```
sudo apt-get install --only-upgrade -y swish-e-dev
```
coin3→ fixed in3.1.4~abc9f50+dfsg1-1ubuntu0.1~esm2USN-8241-1
```
sudo apt-get install --only-upgrade -y coin3
```
libcoin80-dev→ fixed in3.1.4~abc9f50+dfsg1-1ubuntu0.1~esm2USN-8241-1
```
sudo apt-get install --only-upgrade -y libcoin80-dev
```
libcoin80-doc→ fixed in3.1.4~abc9f50+dfsg1-1ubuntu0.1~esm2USN-8241-1
```
sudo apt-get install --only-upgrade -y libcoin80-doc
```
libcoin80-runtime→ fixed in3.1.4~abc9f50+dfsg1-1ubuntu0.1~esm2USN-8241-1
```
sudo apt-get install --only-upgrade -y libcoin80-runtime
```
libcoin80v5→ fixed in3.1.4~abc9f50+dfsg1-1ubuntu0.1~esm2USN-8241-1
```
sudo apt-get install --only-upgrade -y libcoin80v5
```

Ubuntu bionic

Source: Ubuntu USN

swish-e→ fixed in2.4.7-5ubuntu1+esm1USN-8240-1
```
sudo apt-get install --only-upgrade -y swish-e
```
swish-e-dev→ fixed in2.4.7-5ubuntu1+esm1USN-8240-1
```
sudo apt-get install --only-upgrade -y swish-e-dev
```
coin3→ fixed in3.1.4~abc9f50+dfsg3-2ubuntu0.1~esm1USN-8241-1
```
sudo apt-get install --only-upgrade -y coin3
```
libcoin80-dev→ fixed in3.1.4~abc9f50+dfsg3-2ubuntu0.1~esm1USN-8241-1
```
sudo apt-get install --only-upgrade -y libcoin80-dev
```
libcoin80-doc→ fixed in3.1.4~abc9f50+dfsg3-2ubuntu0.1~esm1USN-8241-1
```
sudo apt-get install --only-upgrade -y libcoin80-doc
```
libcoin80-runtime→ fixed in3.1.4~abc9f50+dfsg3-2ubuntu0.1~esm1USN-8241-1
```
sudo apt-get install --only-upgrade -y libcoin80-runtime
```
libcoin80v5→ fixed in3.1.4~abc9f50+dfsg3-2ubuntu0.1~esm1USN-8241-1
```
sudo apt-get install --only-upgrade -y libcoin80v5
```
xmlrpc-c→ fixed in1.33.14-8ubuntu0.18.04.1~esm1USN-8313-1
```
sudo apt-get install --only-upgrade -y xmlrpc-c
```
libxmlrpc-c++8-dev→ fixed in1.33.14-8ubuntu0.18.04.1~esm1USN-8313-1
```
sudo apt-get install --only-upgrade -y libxmlrpc-c++8-dev
```
libxmlrpc-c++8v5→ fixed in1.33.14-8ubuntu0.18.04.1~esm1USN-8313-1
```
sudo apt-get install --only-upgrade -y libxmlrpc-c++8v5
```
libxmlrpc-core-c3→ fixed in1.33.14-8ubuntu0.18.04.1~esm1USN-8313-1
```
sudo apt-get install --only-upgrade -y libxmlrpc-core-c3
```
libxmlrpc-core-c3-dev→ fixed in1.33.14-8ubuntu0.18.04.1~esm1USN-8313-1
```
sudo apt-get install --only-upgrade -y libxmlrpc-core-c3-dev
```
xmlrpc-api-utils→ fixed in1.33.14-8ubuntu0.18.04.1~esm1USN-8313-1
```
sudo apt-get install --only-upgrade -y xmlrpc-api-utils
```

Ubuntu focal

Source: Ubuntu USN

swish-e→ fixed in2.4.7-6ubuntu0.1~esm1USN-8240-1
```
sudo apt-get install --only-upgrade -y swish-e
```
swish-e-dev→ fixed in2.4.7-6ubuntu0.1~esm1USN-8240-1
```
sudo apt-get install --only-upgrade -y swish-e-dev
```
xmlrpc-c→ fixed in1.33.14-8ubuntu0.20.04.1~esm1USN-8313-1
```
sudo apt-get install --only-upgrade -y xmlrpc-c
```
libxmlrpc-c++8-dev→ fixed in1.33.14-8ubuntu0.20.04.1~esm1USN-8313-1
```
sudo apt-get install --only-upgrade -y libxmlrpc-c++8-dev
```
libxmlrpc-c++8v5→ fixed in1.33.14-8ubuntu0.20.04.1~esm1USN-8313-1
```
sudo apt-get install --only-upgrade -y libxmlrpc-c++8v5
```
libxmlrpc-core-c3→ fixed in1.33.14-8ubuntu0.20.04.1~esm1USN-8313-1
```
sudo apt-get install --only-upgrade -y libxmlrpc-core-c3
```
libxmlrpc-core-c3-dev→ fixed in1.33.14-8ubuntu0.20.04.1~esm1USN-8313-1
```
sudo apt-get install --only-upgrade -y libxmlrpc-core-c3-dev
```
xmlrpc-api-utils→ fixed in1.33.14-8ubuntu0.20.04.1~esm1USN-8313-1
```
sudo apt-get install --only-upgrade -y xmlrpc-api-utils
```

Ubuntu jammy

Source: Ubuntu USN

swish-e→ fixed in2.4.7-6.1ubuntu0.1~esm1USN-8240-1
```
sudo apt-get install --only-upgrade -y swish-e
```
swish-e-dev→ fixed in2.4.7-6.1ubuntu0.1~esm1USN-8240-1
```
sudo apt-get install --only-upgrade -y swish-e-dev
```
xmlrpc-c→ fixed in1.33.14-10ubuntu0.1~esm1USN-8313-1
```
sudo apt-get install --only-upgrade -y xmlrpc-c
```
libxmlrpc-c++8-dev→ fixed in1.33.14-10ubuntu0.1~esm1USN-8313-1
```
sudo apt-get install --only-upgrade -y libxmlrpc-c++8-dev
```
libxmlrpc-c++8v5→ fixed in1.33.14-10ubuntu0.1~esm1USN-8313-1
```
sudo apt-get install --only-upgrade -y libxmlrpc-c++8v5
```
libxmlrpc-core-c3→ fixed in1.33.14-10ubuntu0.1~esm1USN-8313-1
```
sudo apt-get install --only-upgrade -y libxmlrpc-core-c3
```
libxmlrpc-core-c3-dev→ fixed in1.33.14-10ubuntu0.1~esm1USN-8313-1
```
sudo apt-get install --only-upgrade -y libxmlrpc-core-c3-dev
```
xmlrpc-api-utils→ fixed in1.33.14-10ubuntu0.1~esm1USN-8313-1
```
sudo apt-get install --only-upgrade -y xmlrpc-api-utils
```

Ubuntu noble

Source: Ubuntu USN

swish-e→ fixed in2.4.7-6.2ubuntu0.1~esm1USN-8240-1
```
sudo apt-get install --only-upgrade -y swish-e
```
swish-e-dev→ fixed in2.4.7-6.2ubuntu0.1~esm1USN-8240-1
```
sudo apt-get install --only-upgrade -y swish-e-dev
```
xmlrpc-c→ fixed in1.33.14-12ubuntu0.1~esm1USN-8313-1
```
sudo apt-get install --only-upgrade -y xmlrpc-c
```

Ubuntu resolute

Source: Ubuntu USN

swish-e→ fixed in2.4.7-7.1ubuntu0.1~esm1USN-8240-1
```
sudo apt-get install --only-upgrade -y swish-e
```
swish-e-dev→ fixed in2.4.7-7.1ubuntu0.1~esm1USN-8240-1
```
sudo apt-get install --only-upgrade -y swish-e-dev
```

Ubuntu trusty

Source: Ubuntu USN

coin3→ fixed in3.1.4~abc9f50-4ubuntu2+esm2USN-8241-1
```
sudo apt-get install --only-upgrade -y coin3
```
libcoin80→ fixed in3.1.4~abc9f50-4ubuntu2+esm2USN-8241-1
```
sudo apt-get install --only-upgrade -y libcoin80
```
libcoin80-dev→ fixed in3.1.4~abc9f50-4ubuntu2+esm2USN-8241-1
```
sudo apt-get install --only-upgrade -y libcoin80-dev
```
libcoin80-doc→ fixed in3.1.4~abc9f50-4ubuntu2+esm2USN-8241-1
```
sudo apt-get install --only-upgrade -y libcoin80-doc
```
libcoin80-runtime→ fixed in3.1.4~abc9f50-4ubuntu2+esm2USN-8241-1
```
sudo apt-get install --only-upgrade -y libcoin80-runtime
```

Are YOU affected by CVE-2022-25236?

5-second check on your actual server. Reads /etc/os-release, uname -r, and the distro's package manager; matches against this same cross-source index live.

curl https://mindsparkstack.com/scan.sh | bash

Form-based quickscan View on NVD

Continuous monitoring beats manual checking

CVE-2022-25236dropped silently in your distro's update channel. Every new CVE is the same story. StackPatch runs the matcher hourly against all 5 sources and emails the exact remediation when something new applies to one of your servers. $99 lifetime, 50 founder seats, 30-day refund.

See StackPatch ($99 lifetime)