Search CVE reports


Toggle filters

261 – 270 of 3182 results


CVE-2026-25646

Medium priority
Fixed

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API...

5 affected packages

chromium-browser, firefox, libpng, libpng1.6, thunderbird

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
chromium-browser Not affected Not affected Not affected
firefox Not affected Not affected Not affected
libpng Not in release Not in release Not in release
libpng1.6 Fixed Fixed Fixed Fixed Fixed
thunderbird Not affected Not affected Not affected
Show less packages

CVE-2026-25210

Medium priority

Some fixes available 12 of 73

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.

23 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Not affected Needs evaluation
expat Not affected Fixed Fixed Fixed Fixed
firefox Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Not affected Needs evaluation
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
libxmltok Not in release Fixed Fixed Fixed Fixed
matanza Ignored Ignored Ignored Ignored Needs evaluation
smart Not in release Not in release Not in release Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Needs evaluation
vtk Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages

CVE-2026-24869

Medium priority
Not affected

Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability was fixed in Firefox 147.0.2.

2 affected packages

firefox, thunderbird

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected
thunderbird Not affected Not affected
Show less packages

CVE-2026-24868

Medium priority
Not affected

Mitigation bypass in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 147.0.2.

2 affected packages

firefox, thunderbird

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected
thunderbird Not affected Not affected
Show less packages

CVE-2025-28164

Medium priority
Fixed

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.

5 affected packages

chromium-browser, firefox, libpng, libpng1.6, thunderbird

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
chromium-browser Not affected Not affected
firefox Not affected Not affected
libpng Not in release Not in release
libpng1.6 Fixed Not affected Not affected Not affected
thunderbird Not affected Not affected
Show less packages

CVE-2025-28162

Medium priority
Fixed

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (ASan), the program leaks memory in various locations, eventually leading to high...

5 affected packages

chromium-browser, firefox, libpng, libpng1.6, thunderbird

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
chromium-browser Not affected Not affected
firefox Not affected Not affected
libpng Not in release Not in release
libpng1.6 Fixed Not affected Not affected Not affected
thunderbird Not affected Not affected
Show less packages

CVE-2025-59375

Medium priority

Some fixes available 1 of 81

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

23 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Not affected Needs evaluation
expat Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
firefox Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Not affected Needs evaluation
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
libxmltok Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
matanza Ignored Ignored Ignored Ignored Needs evaluation
smart Not in release Not in release Not in release Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Needs evaluation
vtk Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages

CVE-2026-24515

Medium priority

Some fixes available 12 of 73

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.

23 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release
cableswig Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Not affected Needs evaluation
expat Not affected Fixed Fixed Fixed Fixed
firefox Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Not affected Needs evaluation
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
libxmltok Not in release Fixed Fixed Fixed Fixed
matanza Ignored Ignored Ignored Ignored Needs evaluation
smart Not in release Not in release Not in release Needs evaluation
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Needs evaluation
vtk Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 23 packages Show less packages

CVE-2026-0892

Medium priority
Needs evaluation

Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not affected
mozjs102 Not in release Ignored Ignored
mozjs115 Not in release Ignored Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Not in release Ignored
mozjs78 Not in release Not in release Ignored
mozjs91 Not in release Not in release Ignored
thunderbird Not affected Not affected Not affected
Show all 9 packages Show less packages

CVE-2026-0891

Medium priority

Some fixes available 1 of 11

Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Not affected Not affected Not affected
mozjs102 Not in release Ignored Ignored
mozjs115 Not in release Ignored Not in release
mozjs38 Not in release Not in release Not in release Needs evaluation
mozjs52 Not in release Not in release Not in release Ignored Ignored
mozjs68 Not in release Not in release Not in release Ignored
mozjs78 Not in release Not in release Ignored
mozjs91 Not in release Not in release Ignored
thunderbird Not affected Not affected Fixed
Show all 9 packages Show less packages