Search CVE reports



81 – 90 of 191 results


CVE-2020-24870

Medium priority
Needs evaluation

Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| exactimage | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| kodi | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libraw | Not affected | Not affected | Not affected | Not affected | Not affected |
| rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ufraw | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |

CVE-2020-23912

Medium priority
Needs evaluation

An issue was discovered in Bento4 through v1.6.0-637. A NULL pointer dereference exists in the function AP4_StszAtom::GetSampleSize() located in Ap4StszAtom.cpp. It allows an attacker to cause Denial of Service.

1 affected package

kodi-inputstream-adaptive

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| kodi-inputstream-adaptive | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |

CVE-2020-24890

Medium priority
Not affected

** DISPUTED ** libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you...

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Not affected Not affected Not affected
dcraw Not affected Not affected Not affected
exactimage Not affected Not affected Not affected
kodi Not affected Not affected Not affected
libraw Not affected Not affected Not affected
rawtherapee Not affected Not affected Not affected
ufraw Not in release Not affected Not affected
xbmc Not in release Not in release Not in release

CVE-2020-24889

Medium priority
Not affected

A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
darktable Not affected Not affected Not affected
dcraw Not affected Not affected Not affected
exactimage Not affected Not affected Not affected
kodi Not affected Not affected Not affected
libraw Not affected Not affected Not affected
rawtherapee Not affected Not affected Not affected
ufraw Not in release Not affected Not affected
xbmc Not in release Not in release Not in release

CVE-2020-15503

Low priority

Some fixes available 2 of 74

LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs...

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| exactimage | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| kodi | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libraw | Not affected | Not affected | Fixed | Fixed | Needs evaluation |
| rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ufraw | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |

CVE-2020-15365

Medium priority
Needs evaluation

LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds.

8 affected packages

darktable, dcraw, exactimage, kodi, libraw...

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| exactimage | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| kodi | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libraw | Not affected | Not affected | Not affected | Not affected | Not affected |
| rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ufraw | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| xbmc | Not in release | Not in release | Not in release | Not in release | Not in release |

CVE-2019-20092

Medium priority
Needs evaluation

An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_EsDescriptor::GetDecoderConfigDescriptor in Ap4EsDescriptor.cpp.

1 affected package

kodi-inputstream-adaptive

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| kodi-inputstream-adaptive | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |

CVE-2019-20091

Medium priority
Needs evaluation

An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_DecoderConfigDescriptor::GetDecoderSpecificInfoDescriptor in Ap4DecoderConfigDescriptor.cpp.

1 affected package

kodi-inputstream-adaptive

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| kodi-inputstream-adaptive | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |

CVE-2019-20090

Medium priority
Needs evaluation

An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp.

1 affected package

kodi-inputstream-adaptive

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| kodi-inputstream-adaptive | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |

CVE-2019-17530

Medium priority
Needs evaluation

An issue was discovered in Bento4 1.5.1.0. There is a heap-based buffer over-read in AP4_PrintInspector::AddField in Core/Ap4Atom.cpp when called from AP4_CencSampleEncryption::DoInspectFields in Core/Ap4CommonEncryption.cpp, when...

1 affected package

kodi-inputstream-adaptive

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| kodi-inputstream-adaptive | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |