Search CVE reports
211 – 220 of 498 results
An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c,...
3 affected packages
openjpeg, openjpeg2, ghostscript
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjpeg2 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Vulnerable |
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
1 affected package
ghostscript
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ghostscript | — | — | — | — | Fixed |
In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file.
1 affected package
ghostscript
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ghostscript | — | — | — | — | Fixed |
In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the...
1 affected package
ghostscript
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ghostscript | — | — | — | — | Fixed |
Some fixes available 8 of 22
LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information...
5 affected packages
tightvnc, italc, libvncserver, ssvnc, x11vnc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tightvnc | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| italc | Not in release | Not in release | Not in release | Not in release | Fixed |
| libvncserver | Not affected | Not affected | Not affected | Not affected | Fixed |
| ssvnc | Not affected | Not affected | Not affected | Not affected | Vulnerable |
| x11vnc | Not affected | Not affected | Not affected | Not affected | Not affected |
Some fixes available 8 of 22
LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM
5 affected packages
italc, tightvnc, libvncserver, ssvnc, x11vnc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| italc | Not in release | Not in release | Not in release | Not in release | Fixed |
| tightvnc | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| libvncserver | Not affected | Not affected | Not affected | Not affected | Fixed |
| ssvnc | Not affected | Not affected | Not affected | Not affected | Vulnerable |
| x11vnc | Not affected | Not affected | Not affected | Not affected | Not affected |
Some fixes available 8 of 22
LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution
5 affected packages
tightvnc, libvncserver, x11vnc, italc, ssvnc
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tightvnc | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| libvncserver | Not affected | Not affected | Not affected | Not affected | Fixed |
| x11vnc | Not affected | Not affected | Not affected | Not affected | Not affected |
| italc | Not in release | Not in release | Not in release | Not in release | Fixed |
| ssvnc | Not affected | Not affected | Not affected | Not affected | Vulnerable |
It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially...
1 affected package
ghostscript
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ghostscript | — | — | — | — | Not affected |
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
1 affected package
ghostscript
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ghostscript | — | — | — | — | Fixed |
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
1 affected package
ghostscript
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ghostscript | — | — | — | — | Fixed |