Search CVE reports
21 – 30 of 105 results
Some fixes available 11 of 30
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
4 affected packages
tiff, qtwebengine-opensource-src, texmaker, gdal
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tiff | Fixed | Fixed | Fixed | Fixed | Fixed |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdal | Not affected | Not affected | Not affected | Not affected | Not affected |
An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a...
5 affected packages
tiff, qtwebengine-opensource-src, texmaker, gdal, neuron
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tiff | — | — | Ignored | Ignored | Ignored |
| qtwebengine-opensource-src | — | — | Ignored | Ignored | Ignored |
| texmaker | — | — | Ignored | Ignored | Ignored |
| gdal | — | — | Not affected | Not affected | Not affected |
| neuron | — | — | Ignored | Ignored | Ignored |
fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that...
2 affected packages
npm, qtwebengine-opensource-src
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| npm | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h.
2 affected packages
qt6-webengine, qtwebengine-opensource-src
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| qt6-webengine | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
Some fixes available 6 of 118
In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData.
12 affected packages
asymptote, godot, goxel, love, mame...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| asymptote | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| godot | Not in release | Not affected | Not affected | Not affected | — |
| goxel | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| love | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| mame | Vulnerable | Fixed | Fixed | Fixed | Fixed |
| psychtoolbox-3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qt6-webengine | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| rbdoom3bfg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| renderdoc | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
| tinyexr | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| chromium-browser | Not affected | Not affected | Not affected | Not in release | Not affected |
Some fixes available 10 of 35
An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
13 affected packages
harfbuzz, icedtea-web, openjdk-12, openjdk-13, openjdk-15...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| harfbuzz | Fixed | Fixed | Fixed | Fixed | Not affected |
| icedtea-web | Not affected | Not affected | Not affected | Not affected | Not affected |
| openjdk-12 | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjdk-13 | Not in release | Not in release | Not in release | Not affected | Not in release |
| openjdk-15 | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjdk-16 | Not in release | Not in release | Not in release | Not affected | Not in release |
| openjdk-17 | Not affected | Not affected | Not affected | Not affected | Not affected |
| openjdk-18 | Not in release | Not in release | Not affected | Not in release | Not in release |
| openjdk-8 | Not affected | Not affected | Not affected | Not affected | Not affected |
| openjdk-9 | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjdk-lts | Not affected | Not affected | Not affected | Not affected | Not affected |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qt6-base | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
Some fixes available 4 of 49
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls...
7 affected packages
insighttoolkit4, openjpeg2, ghostscript, blender, openjpeg...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| openjpeg2 | Not affected | Not affected | Fixed | Fixed | Fixed |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 9 of 65
A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled...
7 affected packages
openjpeg2, blender, ghostscript, insighttoolkit4, openjpeg...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 39 of 330
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
50 affected packages
apr-util, audacity, ayttm, cableswig, cadaver...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| audacity | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release | Not in release |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| coda | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
| coin3 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| emboss | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| expat | Fixed | Fixed | Fixed | Fixed | Fixed |
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Not in release | Not affected | Not affected | Not affected |
| libxmltok | Not in release | Fixed | Fixed | Fixed | Fixed |
| harp | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
| ibm-3270 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release | Not in release |
| insighttoolkit5 | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
| libsynthesis | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| mame | Fixed | Fixed | Fixed | Fixed | Fixed |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| opencollada | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| paraview | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| poco | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| python2.7 | Not in release | Not in release | Not affected | Not affected | Not affected |
| python3.10 | Not in release | Not in release | Not affected | Not in release | Not in release |
| python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release | Not in release |
| python3.6 | Not in release | Not in release | Not in release | Not in release | Not affected |
| python3.7 | Not in release | Not in release | Not in release | Not in release | Not affected |
| python3.8 | Not in release | Not in release | Not in release | Not affected | Not affected |
| python3.9 | Not in release | Not in release | Not in release | Not affected | Not in release |
| thunderbird | Not affected | Not affected | Not affected | Not in release | Ignored |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| sitecopy | Needs evaluation | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| smart | Not in release | Not in release | Not in release | Not in release | Not affected |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| tla | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| visp | Needs evaluation | Needs evaluation | Needs evaluation | — | Needs evaluation |
| vnc4 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | Not in release | Not in release |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xmlrpc | — | — | — | — | — |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xsd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| astropy | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity.
2 affected packages
qtwebengine-opensource-src, ffmpeg
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ffmpeg | Not affected | Not affected | Not affected | Not affected | Not affected |