Search CVE reports
131 – 140 of 254 results
Some fixes available 2 of 64
OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
8 affected packages
qtwebengine-opensource-src, blender, gdcm, ghostscript, insighttoolkit4...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| openjpeg | Not in release | Not in release | Not in release | Not in release |
| openjpeg2 | Not affected | Not affected | Not affected | Fixed |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 59 of 199
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a...
32 affected packages
insighttoolkit4, cadaver, insighttoolkit, audacity, ayttm...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release |
| audacity | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release |
| chromium-browser | Fixed | Fixed | Fixed | Fixed |
| sitecopy | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| coin3 | Not affected | Not affected | Not affected | Vulnerable |
| firefox | Fixed | Fixed | Fixed | Fixed |
| matanza | Ignored | Ignored | Ignored | Ignored |
| smart | Not in release | Not in release | Not in release | Not affected |
| libxmltok | Fixed | Fixed | Fixed | Fixed |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xmlrpc-c | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| apache2 | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
| vtk | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release |
| vnc4 | Not in release | Not in release | Not in release | Vulnerable |
| expat | Not affected | Not affected | Not affected | Fixed |
| gdcm | Not affected | Not affected | Not affected | Not affected |
| kompozer | Not in release | Not in release | Not in release | Not in release |
| libparagui1.1 | Not in release | Not in release | Not in release | Not in release |
| poco | Not affected | Not affected | Not affected | Not affected |
| simgear | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Fixed | Fixed | Fixed | Fixed |
| wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release |
A flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted...
1 affected package
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | — | — | — | Fixed |
A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript...
1 affected package
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | — | — | — | Fixed |
A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted...
1 affected package
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | — | — | — | Fixed |
A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted...
1 affected package
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | — | — | — | Fixed |
In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted...
1 affected package
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | — | — | — | Fixed |
Some fixes available 14 of 95
In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to...
9 affected packages
blender, emscripten, gdcm, ghostscript, insighttoolkit4...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| emscripten | Ignored | Ignored | Not in release | Ignored |
| gdcm | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| openjpeg | Not in release | Not in release | Not in release | Not in release |
| openjpeg2 | Fixed | Fixed | Fixed | Fixed |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 26 of 127
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable...
32 affected packages
apache2, ghostscript, libparagui1.1, poco, sitecopy...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected |
| libparagui1.1 | Not in release | Not in release | Not in release | Not in release |
| poco | Not affected | Not affected | Not affected | Not affected |
| sitecopy | Not in release | Not affected | Not affected | Not affected |
| audacity | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release |
| coin3 | Not affected | Not affected | Not affected | Vulnerable |
| firefox | Not affected | Not affected | Not in release | Not affected |
| matanza | Ignored | Ignored | Ignored | Ignored |
| smart | Not in release | Not in release | Not in release | Not affected |
| tdom | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Not affected | Not affected | Not in release | Not affected |
| vtk | Not in release | Not in release | Not in release | Not in release |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libxmltok | Fixed | Fixed | Fixed | Fixed |
| apr-util | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected |
| expat | Fixed | Fixed | Fixed | Fixed |
| gdcm | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release |
| insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
| kompozer | Not in release | Not in release | Not in release | Not in release |
| simgear | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
| vnc4 | Not in release | Not in release | Not in release | Vulnerable |
| wbxml2 | Not affected | Not affected | Not affected | Not affected |
| wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release |
Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that)....
1 affected package
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | — | — | — | Not affected |