Search CVE reports
81 – 90 of 105 results
Some fixes available 15 of 97
In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to...
9 affected packages
blender, emscripten, gdcm, ghostscript, insighttoolkit4...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| emscripten | Ignored | Ignored | Ignored | Not in release | Ignored |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 1 of 81
An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.
8 affected packages
texmaker, blender, insighttoolkit4, qtwebengine-opensource-src, emscripten...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| emscripten | Ignored | Ignored | Ignored | Not in release | Ignored |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| openjpeg2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service...
8 affected packages
blender, emscripten, insighttoolkit4, qtwebengine-opensource-src, texmaker...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| emscripten | Ignored | Ignored | Ignored | Not in release | Ignored |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| openjpeg2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
Some fixes available 1 of 89
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
8 affected packages
emscripten, qtwebengine-opensource-src, texmaker, blender, insighttoolkit4...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| emscripten | Ignored | Ignored | Ignored | Not in release | Ignored |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| openjpeg2 | Not affected | Not affected | Not affected | Not affected | Fixed |
Some fixes available 38 of 72
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
5 affected packages
chromium, db5.3, sqlite3, qtwebengine-opensource-src, sqlcipher
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| chromium | Not in release | Not in release | Not in release | Not in release | Not in release |
| db5.3 | Fixed | Fixed | Fixed | Fixed | Fixed |
| sqlite3 | Fixed | Fixed | Fixed | Fixed | Fixed |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| sqlcipher | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
In libwebp 0.5.1, there is a double free bug in libwebpmux.
9 affected packages
godot, libwebp, mozjs60, qtimageformats-opensource-src, qtwebengine-opensource-src...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| godot | — | Not affected | Not affected | Not affected | Not in release |
| libwebp | — | Not affected | Not affected | Not affected | Not affected |
| mozjs60 | — | Not in release | Not in release | Not in release | Not in release |
| qtimageformats-opensource-src | — | Not affected | Not affected | Not affected | Not affected |
| qtwebengine-opensource-src | — | Not affected | Not affected | Not affected | Not affected |
| mozjs52 | — | Not in release | Not in release | Ignored | Ignored |
| firefox | — | Not affected | Not affected | Not in release | Not affected |
| mozjs38 | — | Not in release | Not in release | Not in release | Ignored |
| thunderbird | — | Not affected | Not affected | Not in release | Not affected |
In libwebm before 2019-03-08, a NULL pointer dereference caused by the functions OutputCluster and OutputTracks in webm_info.cc will trigger an abort, which allows a DoS attack, a similar issue to CVE-2018-19212.
3 affected packages
qtwebengine-opensource-src, oxide-qt, chromium-browser
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| oxide-qt | Not in release | Not in release | Not in release | Not in release | Not in release |
| chromium-browser | Not affected | Not affected | Not affected | Not in release | Not affected |
In sample6 of SkSwizzler.cpp, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution in system_server with no additional execution privileges needed. User interaction is...
7 affected packages
chromium-browser, firefox, mozjs38, mozjs52, mozjs60...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | — | — | — | Not affected |
| firefox | — | — | — | — | Not affected |
| mozjs38 | — | — | — | — | Not affected |
| mozjs52 | — | — | — | — | Not affected |
| mozjs60 | — | — | — | — | Not in release |
| qtwebengine-opensource-src | — | — | — | — | Not affected |
| thunderbird | — | — | — | — | Not affected |
In onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for...
7 affected packages
chromium-browser, firefox, mozjs38, mozjs52, mozjs60...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | — | — | — | Not affected |
| firefox | — | — | — | — | Not affected |
| mozjs38 | — | — | — | — | Not affected |
| mozjs52 | — | — | — | — | Not affected |
| mozjs60 | — | — | — | — | Not in release |
| qtwebengine-opensource-src | — | — | — | — | Not affected |
| thunderbird | — | — | — | — | Not affected |
In SkSwizzler::onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege in system_server with no additional execution privileges...
7 affected packages
firefox, mozjs38, chromium-browser, mozjs52, mozjs60...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | Not affected |
| mozjs38 | — | — | — | — | Not affected |
| chromium-browser | — | — | — | — | Not affected |
| mozjs52 | — | — | — | — | Not affected |
| mozjs60 | — | — | — | — | Not in release |
| qtwebengine-opensource-src | — | — | — | — | Not affected |
| thunderbird | — | — | — | — | Not affected |