Search CVE reports
201 – 210 of 498 results
Some fixes available 1 of 73
An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.
8 affected packages
texmaker, blender, insighttoolkit4, qtwebengine-opensource-src, emscripten...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| emscripten | Ignored | Ignored | Ignored | Not in release | Ignored |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| openjpeg2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service...
8 affected packages
blender, emscripten, insighttoolkit4, qtwebengine-opensource-src, texmaker...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| emscripten | Ignored | Ignored | Ignored | Not in release | Ignored |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| openjpeg2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
Some fixes available 1 of 81
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
8 affected packages
emscripten, qtwebengine-opensource-src, texmaker, blender, insighttoolkit4...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| emscripten | Ignored | Ignored | Ignored | Not in release | Ignored |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| openjpeg2 | Not affected | Not affected | Not affected | Not affected | Fixed |
Some fixes available 27 of 118
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable...
32 affected packages
apache2, ghostscript, libparagui1.1, poco, sitecopy...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
| poco | Not affected | Not affected | Not affected | Not affected | Not affected |
| sitecopy | Needs evaluation | Not in release | Not affected | Not affected | Not affected |
| audacity | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release | Not in release |
| coin3 | Not affected | Not affected | Not affected | Not affected | Vulnerable |
| firefox | Not affected | Not affected | Not affected | Not in release | Not affected |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| smart | Not in release | Not in release | Not in release | Not in release | Not affected |
| tdom | Not affected | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Not affected | Not affected | Not affected | Not in release | Not affected |
| vtk | Not in release | Not in release | Not in release | Not in release | Not in release |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| libxmltok | Not in release | Fixed | Fixed | Fixed | Fixed |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| expat | Fixed | Fixed | Fixed | Fixed | Fixed |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release | Not in release |
| insighttoolkit4 | Not in release | Not in release | Not affected | Not affected | Not affected |
| kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
| simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| vnc4 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| wbxml2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that)....
1 affected package
ghostscript
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ghostscript | — | — | — | — | Not affected |
It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the...
1 affected package
ghostscript
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ghostscript | — | — | — | — | Fixed |
lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated...
1 affected package
lighttpd
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| lighttpd | — | — | — | — | Not affected |
It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system...
1 affected package
ghostscript
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ghostscript | — | — | — | — | Fixed |
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside...
1 affected package
ghostscript
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ghostscript | — | — | — | — | Fixed |
Some fixes available 7 of 20
LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.
4 affected packages
italc, libvncserver, tightvnc, x11vnc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| italc | Not in release | Not in release | Not in release | Not in release | Fixed |
| libvncserver | Not affected | Not affected | Not affected | Not affected | Fixed |
| tightvnc | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| x11vnc | Not affected | Not affected | Not affected | Not affected | Not affected |