Search CVE reports
When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on...
3 affected packages
firefox, firefox-esr, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | Not affected |
| firefox-esr | — | — | — | — | Not in release |
| thunderbird | — | — | — | — | Not affected |
Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users...
4 affected packages
mozjs38, firefox, mozjs52, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| mozjs38 | — | — | — | — | Not affected |
| firefox | — | — | — | — | Not affected |
| mozjs52 | — | — | — | — | Not affected |
| thunderbird | — | — | — | — | Not affected |
The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
4 affected packages
ipe, libextractor, xpdf, poppler
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libextractor | Not affected | Not affected | Not affected | Not affected | Not affected |
| xpdf | Vulnerable | Vulnerable | Vulnerable | Not in release | Needs evaluation |
| poppler | Not affected | Not affected | Not affected | Not affected | Not affected |
The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
4 affected packages
libextractor, ipe, poppler, xpdf
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libextractor | Not affected | Not affected | Not affected | Not affected | Not affected |
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| poppler | Not affected | Not affected | Not affected | Not affected | Not affected |
| xpdf | Vulnerable | Vulnerable | Vulnerable | Not in release | Vulnerable |
The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
4 affected packages
ipe, libextractor, poppler, xpdf
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libextractor | Not affected | Not affected | Not affected | Not affected | Not affected |
| poppler | Not affected | Not affected | Not affected | Not affected | Not affected |
| xpdf | Vulnerable | Vulnerable | Vulnerable | Not in release | Vulnerable |
The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
4 affected packages
libextractor, ipe, poppler, xpdf
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libextractor | Not affected | Not affected | Not affected | Not affected | Not affected |
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| poppler | Not affected | Not affected | Not affected | Not affected | Not affected |
| xpdf | Vulnerable | Vulnerable | Vulnerable | Not in release | Vulnerable |
The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
4 affected packages
ipe, libextractor, poppler, xpdf
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libextractor | Not affected | Not affected | Not affected | Not affected | Not affected |
| poppler | Not affected | Not affected | Not affected | Not affected | Not affected |
| xpdf | Vulnerable | Vulnerable | Vulnerable | Not in release | Vulnerable |
CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
4 affected packages
ipe, libextractor, xpdf, poppler
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libextractor | Not affected | Not affected | Not affected | Not affected | Not affected |
| xpdf | Vulnerable | Vulnerable | Vulnerable | Not in release | Vulnerable |
| poppler | Not affected | Not affected | Not affected | Not affected | Not affected |
The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files which they would not normally be able to access via an overlayfs mount inside of a user namespace.
27 affected packages
linux, linux-flo, linux-goldfish, linux-grouper, linux-lts-trusty...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| linux | — | — | — | — | Fixed |
| linux-flo | — | — | — | — | Not in release |
| linux-goldfish | — | — | — | — | Not in release |
| linux-grouper | — | — | — | — | Not in release |
| linux-lts-trusty | — | — | — | — | Not in release |
| linux-maguro | — | — | — | — | Not in release |
| linux-mako | — | — | — | — | Not in release |
| linux-manta | — | — | — | — | Not in release |
| linux-aws | — | — | — | — | Fixed |
| linux-azure | — | — | — | — | Fixed |
| linux-azure-edge | — | — | — | — | Fixed |
| linux-aws-hwe | — | — | — | — | Not in release |
| linux-euclid | — | — | — | — | Not in release |
| linux-gcp | — | — | — | — | Fixed |
| linux-gcp-edge | — | — | — | — | Not affected |
| linux-gke | — | — | — | — | Not in release |
| linux-hwe | — | — | — | — | Not affected |
| linux-hwe-edge | — | — | — | — | Not affected |
| linux-kvm | — | — | — | — | Fixed |
| linux-lts-utopic | — | — | — | — | Not in release |
| linux-lts-vivid | — | — | — | — | Not in release |
| linux-lts-wily | — | — | — | — | Not in release |
| linux-lts-xenial | — | — | — | — | Not in release |
| linux-oem | — | — | — | — | Fixed |
| linux-oracle | — | — | — | — | Not affected |
| linux-raspi2 | — | — | — | — | Fixed |
| linux-snapdragon | — | — | — | — | Not affected |
Some fixes available: 5 of 6
makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact.
1 affected package
openexr
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openexr | — | — | — | Fixed | Fixed |