Search CVE reports
371 – 380 of 893 results
Some fixes available 3 of 95
LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.
8 affected packages
darktable, exactimage, dcraw, kodi, rawtherapee...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| exactimage | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| kodi | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |
| libraw | Not affected | Not affected | Not affected | Not affected | Not affected |
| ufraw | Not in release | Not in release | Not in release | Not in release | Ignored |
Some fixes available 4 of 96
A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.
8 affected packages
dcraw, exactimage, kodi, rawtherapee, libraw...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| exactimage | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| kodi | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| libraw | Not affected | Not affected | Not affected | Not affected | Not affected |
| ufraw | Not in release | Not in release | Not in release | Not in release | Ignored |
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |
Some fixes available 3 of 5
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation.
1 affected package
wireshark
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| wireshark | — | — | — | — | Fixed |
Some fixes available 3 of 5
In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation.
1 affected package
wireshark
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| wireshark | — | — | — | — | Fixed |
Some fixes available 3 of 5
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.
1 affected package
wireshark
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| wireshark | — | — | — | — | Fixed |
Some fixes available 3 of 5
In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation.
1 affected package
wireshark
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| wireshark | — | — | — | — | Fixed |
Some fixes available 4 of 80
There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.
8 affected packages
darktable, dcraw, kodi, xbmc, libraw...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| darktable | Not affected | Not affected | Not affected | Not affected | Not affected |
| dcraw | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| kodi | Needs evaluation | Needs evaluation | Not affected | Not affected | Not affected |
| xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |
| libraw | Not affected | Not affected | Not affected | Not affected | Not affected |
| exactimage | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| rawtherapee | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| ufraw | Not in release | Not in release | Not in release | Not in release | Vulnerable |
Some fixes available 3 of 6
In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability...
1 affected package
wireshark
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| wireshark | — | — | — | — | Fixed |
Some fixes available 3 of 6
In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding...
1 affected package
wireshark
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| wireshark | — | — | — | — | Fixed |
Some fixes available 3 of 6
In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type.
1 affected package
wireshark
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| wireshark | — | — | — | — | Fixed |