Search CVE reports

51 – 60 of 69 results

Detailed view

Sort by:

CVE-2019-12973

Low priority

Some fixes available 12 of 85

In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to...

9 affected packages

blender, emscripten, gdcm, ghostscript, insighttoolkit4...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
blender	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
emscripten	Ignored	Ignored	Not in release	Ignored	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit4	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
openjpeg	Not in release	Not in release	Not in release	Not in release	Not affected
openjpeg2	Fixed	Fixed	Fixed	Fixed	Fixed
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Not in release
texmaker	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2018-20847

Medium priority

Some fixes available 1 of 72

An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.

8 affected packages

blender, emscripten, gdcm, insighttoolkit4, openjpeg...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
blender	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
emscripten	Ignored	Ignored	Not in release	Ignored	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit4	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
openjpeg	Not in release	Not in release	Not in release	Not in release	Not affected
openjpeg2	Not affected	Not affected	Not affected	Not affected	Fixed
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Not in release
texmaker	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2018-20846

Medium priority

Needs evaluation

Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service...

8 affected packages

blender, emscripten, gdcm, insighttoolkit4, openjpeg...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
blender	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
emscripten	Ignored	Ignored	Not in release	Ignored	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit4	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
openjpeg	Not in release	Not in release	Not in release	Not in release	Not affected
openjpeg2	Not affected	Not affected	Not affected	Not affected	Not affected
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Not in release
texmaker	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2018-20845

Medium priority

Some fixes available 1 of 80

Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

8 affected packages

blender, emscripten, gdcm, insighttoolkit4, openjpeg...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
blender	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
emscripten	Ignored	Ignored	Not in release	Ignored	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit4	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
openjpeg	Not in release	Not in release	Not in release	Not in release	Not affected
openjpeg2	Not affected	Not affected	Not affected	Fixed	Not affected
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Not in release
texmaker	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2018-20843

Low priority

Some fixes available 22 of 116

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable...

32 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
audacity	Needs evaluation	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Needs evaluation
cableswig	Not in release	Not in release	Not in release	Not in release	Needs evaluation
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Vulnerable	Vulnerable
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Not affected	Not affected	Not affected	Not affected	Not affected
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Needs evaluation
insighttoolkit4	Not in release	Not affected	Not affected	Not affected	Vulnerable
kompozer	Not in release	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release	Not in release
libxmltok	Vulnerable	Fixed	Fixed	Fixed	Fixed
matanza	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
poco	Not affected	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Not affected	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Not affected	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Vulnerable	Vulnerable
vtk	Not in release	Not in release	Not in release	Not in release	Fixed
wbxml2	Not affected	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2017-9233

Medium priority

Some fixes available 7 of 98

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

33 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
audacity	Needs evaluation	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Not affected
cableswig	Not in release	Not in release	Not in release	Not in release	Needs evaluation
cadaver	Not affected	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Needs evaluation	Fixed
expat	Not affected	Not affected	Not affected	Not affected	Fixed
firefox	Not affected	Not affected	Not affected	Not affected	Not affected
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Not affected
insighttoolkit4	Not in release	Not affected	Not affected	Not affected	Vulnerable
kompozer	Not in release	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release	Not in release
libxmltok	Not affected	Not affected	Not affected	Not affected	Not affected
matanza	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
poco	Not affected	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Not affected	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Not affected	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Ignored	Ignored
vtk	Not in release	Not in release	Not in release	Not in release	Not affected
wbxml2	Not affected	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2016-5300

Medium priority

Some fixes available 5 of 99

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this...

31 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
audacity	Needs evaluation	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Not affected
cableswig	Not in release	Not in release	Not in release	Not in release	Not affected
cadaver	Not affected	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Not affected
expat	Not affected	Not affected	Not affected	Not affected	Fixed
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Not affected
kompozer	Not in release	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release	Not in release
libxmltok	Not affected	Not affected	Not affected	Not affected	Not affected
matanza	Not affected	Not affected	Not affected	Not affected	Not affected
poco	Not affected	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected	Not affected
swish-e	Not affected	Not affected	Not affected	Not affected	Not affected
tdom	Not affected	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Ignored	Ignored
vtk	Not in release	Not in release	Not in release	Not in release	Not affected
wbxml2	Not affected	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
xotcl	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2016-4472

Medium priority

Some fixes available 5 of 169

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this...

26 affected packages

audacity, ayttm, cableswig, cadaver, coin3...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
audacity	Needs evaluation	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Vulnerable
cableswig	Not in release	Not in release	Not in release	Not in release	Vulnerable
cadaver	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
coin3	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
expat	Not affected	Not affected	Not affected	Not affected	Not affected
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Vulnerable
kompozer	Not in release	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release	Not in release
libxmltok	Vulnerable	Fixed	Fixed	Fixed	Fixed
matanza	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
poco	Not affected	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected	Not affected
swish-e	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
tdom	Not affected	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Ignored	Ignored
vtk	Not in release	Not in release	Not in release	Not in release	Not affected
wbxml2	Not affected	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
xotcl	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2016-0718

Medium priority

Some fixes available 29 of 193

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

28 affected packages

audacity, ayttm, cableswig, cadaver, coin3...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
audacity	Needs evaluation	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Vulnerable
cableswig	Not in release	Not in release	Not in release	Not in release	Vulnerable
cadaver	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
coin3	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Not affected	Not affected	Not affected	Not affected	Fixed
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Vulnerable
kompozer	Not in release	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release	Not in release
libxmltok	Vulnerable	Fixed	Fixed	Fixed	Fixed
matanza	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
poco	Not affected	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected	Not affected
swish-e	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
tdom	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Not affected	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Ignored	Ignored
vtk	Not in release	Not in release	Not in release	Not in release	Not affected
wbxml2	Not affected	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
xotcl	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2015-1283

Medium priority

Some fixes available 38 of 242

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or...

33 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
audacity	Needs evaluation	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Vulnerable
cableswig	Not in release	Not in release	Not in release	Not in release	Vulnerable
cadaver	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
chromium-browser	Fixed	Fixed	Fixed	Fixed	Fixed
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
expat	Not affected	Not affected	Not affected	Not affected	Not affected
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Vulnerable
kompozer	Not in release	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release	Not in release
libxmltok	Vulnerable	Fixed	Fixed	Fixed	Fixed
matanza	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
oxide-qt	Not in release	Not in release	Not in release	Not in release	Fixed
poco	Not affected	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected	Not affected
swish-e	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
tdom	Not affected	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Vulnerable	Fixed
vtk	Not in release	Not in release	Not in release	Not in release	Not affected
wbxml2	Not affected	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
xotcl	Not affected	Not affected	Not affected	Not affected	Not affected

Export to JSON

Results by page: