Search CVE reports
61 – 70 of 86 results
Some fixes available 17 of 30
A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running...
7 affected packages
blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| blender | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Fixed |
| insighttoolkit4 | Not in release | Not in release | Not affected | Not affected | Not affected |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
| texmaker | Not affected | Not affected | Not affected | Not affected | Not affected |
| qtwebengine-opensource-src | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Not affected |
Some fixes available 17 of 64
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
7 affected packages
ghostscript, openjpeg, openjpeg2, blender, insighttoolkit4...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ghostscript | Not affected | Not affected | Not affected | Not affected | Fixed |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
Some fixes available 17 of 69
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
7 affected packages
texmaker, blender, ghostscript, insighttoolkit4, openjpeg...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Fixed |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
Some fixes available 5 of 59
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param"...
17 affected packages
blender, chromium-browser, ivtools, xloadimage, neuron...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| blender | Not affected | Not affected | Not affected | Not affected | Not affected |
| chromium-browser | Not affected | Not affected | Not affected | Not in release | Not affected |
| ivtools | Not affected | Not affected | Not affected | Not affected | Not affected |
| xloadimage | Not affected | Not affected | Not affected | Not affected | Not affected |
| neuron | Not affected | Not affected | Needs evaluation | Ignored | Ignored |
| openjpeg2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| qt4-x11 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tiff | Not affected | Not affected | Not affected | Not affected | Fixed |
| qtimageformats-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| insighttoolkit4 | Not in release | Not in release | Not affected | Not affected | Not affected |
| gdal | Not affected | Not affected | Not affected | Not affected | Not affected |
| libtk-img | Not affected | Not affected | Not affected | Not affected | Not affected |
| paraview | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
| povray | Not affected | Not affected | Not affected | Not affected | Not affected |
| sfftobmp | Not in release | Not affected | Not affected | Not affected | Not affected |
Some fixes available 2 of 54
OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
8 affected packages
qtwebengine-opensource-src, blender, gdcm, ghostscript, insighttoolkit4...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjpeg2 | Not affected | Not affected | Not affected | Not affected | Fixed |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
Some fixes available 62 of 188
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a...
32 affected packages
insighttoolkit4, cadaver, insighttoolkit, audacity, ayttm...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| insighttoolkit4 | Not in release | Not in release | Not affected | Not affected | Not affected |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release | Not in release |
| audacity | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release | Not in release |
| chromium-browser | Fixed | Fixed | Fixed | Fixed | Fixed |
| sitecopy | Needs evaluation | Not in release | Needs evaluation | Ignored | Ignored |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| coin3 | Not affected | Not affected | Not affected | Not affected | Vulnerable |
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| smart | Not in release | Not in release | Not in release | Not in release | Not affected |
| libxmltok | Not in release | Fixed | Fixed | Fixed | Fixed |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| xmlrpc-c | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| vtk | Not in release | Not in release | Not in release | Not in release | Not in release |
| vnc4 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| cableswig | Not in release | Not in release | Not in release | Not in release | Not in release |
| expat | Not affected | Not affected | Not affected | Not affected | Fixed |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
| libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
| poco | Not affected | Not affected | Not affected | Not affected | Not affected |
| simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
| wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
Some fixes available 15 of 89
In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to...
9 affected packages
blender, emscripten, gdcm, ghostscript, insighttoolkit4...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| emscripten | Ignored | Ignored | Ignored | Not in release | Ignored |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
Some fixes available 1 of 73
An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.
8 affected packages
texmaker, blender, insighttoolkit4, qtwebengine-opensource-src, emscripten...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| emscripten | Ignored | Ignored | Ignored | Not in release | Ignored |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| openjpeg2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service...
8 affected packages
blender, emscripten, insighttoolkit4, qtwebengine-opensource-src, texmaker...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| emscripten | Ignored | Ignored | Ignored | Not in release | Ignored |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| openjpeg2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
Some fixes available 1 of 81
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).
8 affected packages
emscripten, qtwebengine-opensource-src, texmaker, blender, insighttoolkit4...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| emscripten | Ignored | Ignored | Ignored | Not in release | Ignored |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| openjpeg2 | Not affected | Not affected | Not affected | Not affected | Fixed |