Search CVE reports
101 – 110 of 271 results
Some fixes available 34 of 129
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
24 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release | Not in release |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| coin3 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| expat | Fixed | Fixed | Fixed | Fixed | Fixed |
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release | Not in release |
| insighttoolkit4 | Not in release | Not in release | Not affected | Not affected | Not affected |
| libxmltok | Not in release | Fixed | Fixed | Fixed | Fixed |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| smart | Not in release | Not in release | Not in release | Not in release | Not affected |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Not affected | Not affected | Fixed | Fixed | Ignored |
| vnc4 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | Not in release | Not in release |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 39 of 330
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
50 affected packages
apache2, apr-util, astropy, audacity, ayttm...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| astropy | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| audacity | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release | Not in release |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| coda | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
| coin3 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| emboss | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| expat | Fixed | Fixed | Fixed | Fixed | Fixed |
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| harp | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
| ibm-3270 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release | Not in release |
| insighttoolkit4 | Not in release | Not in release | Not affected | Not affected | Not affected |
| insighttoolkit5 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| libsynthesis | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libxmltok | Not in release | Fixed | Fixed | Fixed | Fixed |
| mame | Fixed | Fixed | Fixed | Fixed | Fixed |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| opencollada | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| paraview | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| poco | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| python2.7 | Not in release | Not in release | Not affected | Not affected | Not affected |
| python3.10 | Not in release | Not in release | Not affected | Not in release | Not in release |
| python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.6 | Not in release | Not in release | Not in release | Not in release | Not affected |
| python3.7 | Not in release | Not in release | Not in release | Not in release | Not affected |
| python3.8 | Not in release | Not in release | Not in release | Not affected | Not affected |
| python3.9 | Not in release | Not in release | Not in release | Not affected | Not in release |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| sitecopy | Needs evaluation | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| smart | Not in release | Not in release | Not in release | Not in release | Not affected |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Not affected | Not affected | Not affected | Not in release | Ignored |
| tla | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| visp | Needs evaluation | Needs evaluation | Needs evaluation | — | Needs evaluation |
| vnc4 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | Not in release | Not in release |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xmlrpc | — | — | — | — | — |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xsd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 26 of 116
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
24 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release | Not in release |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| coin3 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| expat | Fixed | Fixed | Fixed | Fixed | Fixed |
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release | Not in release |
| insighttoolkit4 | Not in release | Not in release | Not affected | Not affected | Not affected |
| libxmltok | Not in release | Not affected | Not affected | Not affected | Not affected |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| smart | Not in release | Not in release | Not in release | Not in release | Not affected |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Not affected | Not affected | Not affected | Not in release | Ignored |
| vnc4 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | Not in release | Not in release |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).
1 affected package
ghostscript
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ghostscript | — | — | Not affected | Fixed | Fixed |
Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampled_data_sample (called from sampled_data_continue and interp).
1 affected package
ghostscript
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ghostscript | — | — | Not affected | Fixed | Fixed |
A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands...
1 affected package
ghostscript
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ghostscript | — | — | Fixed | Fixed | Not affected |
Some fixes available 4 of 59
Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option "-ImgDir" on a directory that contains 1048576 files.
7 affected packages
blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| blender | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Not in release | Vulnerable | Vulnerable | Vulnerable |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjpeg2 | Not affected | Not affected | Fixed | Fixed | Fixed |
| qtwebengine-opensource-src | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| texmaker | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 17 of 54
There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest...
7 affected packages
blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| blender | Not affected | Not affected | Not affected | Not affected | Vulnerable |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Fixed |
| insighttoolkit4 | Not in release | Not in release | Vulnerable | Vulnerable | Vulnerable |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
| qtwebengine-opensource-src | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| texmaker | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 16 of 67
A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this...
7 affected packages
blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Fixed |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjpeg2 | Fixed | Fixed | Fixed | Fixed | Vulnerable |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 17 of 67
There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to...
7 affected packages
blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Fixed |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |