Search CVE reports


Toggle filters

1 – 10 of 83 results


CVE-2024-56827

Medium priority
Vulnerable

A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ghostscript Not affected Not affected Not affected Needs evaluation Needs evaluation
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openjpeg Not in release Not in release Not in release Not affected
openjpeg2 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 7 packages Show less packages

CVE-2024-56826

Medium priority
Vulnerable

A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ghostscript Not affected Not affected Not affected Needs evaluation Needs evaluation
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openjpeg Not in release Not in release Not in release Not affected
openjpeg2 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 7 packages Show less packages

CVE-2024-7006

Medium priority

Some fixes available 7 of 23

A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults,...

5 affected packages

gdal, neuron, qtwebengine-opensource-src, texmaker, tiff

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gdal Not affected Not affected Not affected Not affected Needs evaluation
neuron Not affected Needs evaluation Needs evaluation Needs evaluation
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tiff Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-6716

Low priority
Vulnerable

Rejected reason: Invalid security issue.

5 affected packages

gdal, neuron, qtwebengine-opensource-src, texmaker, tiff

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gdal Not affected Not affected Not affected Not affected Needs evaluation
neuron Not affected Needs evaluation Needs evaluation Needs evaluation
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tiff Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2023-39329

Medium priority
Vulnerable

A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service.

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ghostscript Not affected Not affected Not affected Needs evaluation Needs evaluation
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openjpeg Not in release Not in release Not in release Needs evaluation
openjpeg2 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 7 packages Show less packages

CVE-2023-39327

Medium priority

Some fixes available 6 of 35

A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ghostscript Not affected Not affected Not affected Needs evaluation Needs evaluation
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openjpeg Not in release Not in release Not in release Needs evaluation
openjpeg2 Fixed Fixed Fixed Fixed Fixed
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 7 packages Show less packages

CVE-2023-39328

Medium priority
Vulnerable

A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file.

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ghostscript Not affected Not affected Not affected Needs evaluation Needs evaluation
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openjpeg Not in release Not in release Not in release Needs evaluation
openjpeg2 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 7 packages Show less packages

CVE-2023-52356

Medium priority

Some fixes available 8 of 23

A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

4 affected packages

gdal, qtwebengine-opensource-src, texmaker, tiff

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gdal Not affected Not affected Not affected Not affected Needs evaluation
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tiff Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2023-52355

Negligible priority
Ignored

An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a...

5 affected packages

gdal, neuron, qtwebengine-opensource-src, texmaker, tiff

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gdal Not affected Not affected Not affected Ignored
neuron Ignored Ignored Ignored Not in release
qtwebengine-opensource-src Ignored Ignored Ignored Not in release
texmaker Ignored Ignored Ignored Ignored
tiff Ignored Ignored Ignored Ignored
Show less packages

CVE-2023-45311

Medium priority
Needs evaluation

fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that...

2 affected packages

npm, qtwebengine-opensource-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
npm Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
Show less packages