Search CVE reports


1 – 8 of 8 results


CVE-2022-33070

Medium priority

Some fixes available 7 of 66

Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

9 affected packages

argyll, ccextractor, libgadu, libpg-query, libsignal-protocol-c...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
argyll Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ccextractor Needs evaluation Needs evaluation Needs evaluation
libgadu Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libpg-query Needs evaluation Needs evaluation
libsignal-protocol-c Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ocserv Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pidgin Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
protobuf-c Fixed Fixed Fixed Needs evaluation Needs evaluation
sudo Not affected Fixed Not affected Not affected Not affected

CVE-2021-32440

Medium priority
Needs evaluation

The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

2 affected packages

ccextractor, gpac

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ccextractor | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
| gpac | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2021-32439

Medium priority
Needs evaluation

Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

2 affected packages

ccextractor, gpac

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ccextractor | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
| gpac | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2020-11558

Medium priority
Needs evaluation

An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audio_sample_entry_Read in isomedia/box_code_base.c does not properly decide when to make gf_isom_box_del calls. This leads to various use-after-free...

2 affected packages

ccextractor, gpac

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ccextractor | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| gpac | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2018-21017

Low priority
Needs evaluation

GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c.

2 affected packages

ccextractor, gpac

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ccextractor | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| gpac | Not affected | Not affected | Not affected | Not affected | Not affected |

CVE-2018-21016

Medium priority
Vulnerable

audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

2 affected packages

ccextractor, gpac

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ccextractor | Needs evaluation | Vulnerable | Vulnerable | Not in release | Not in release |
| gpac | Not affected | Not affected | Vulnerable | Vulnerable | Vulnerable |

CVE-2018-21015

Medium priority
Vulnerable

AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication =...

2 affected packages

ccextractor, gpac

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ccextractor | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| gpac | Not affected | Not affected | Vulnerable | Vulnerable | Vulnerable |

CVE-2018-16981

Medium priority
Vulnerable

stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.

13 affected packages

catimg, ccextractor, flif, goxel, libsfml...

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| catimg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| ccextractor | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| flif | Not in release | Not in release | Not in release | Not in release | Not in release |
| goxel | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| libsfml | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| libsixel | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| love | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| mame | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| renderdoc | Not in release | Needs evaluation | Needs evaluation | Not in release | Not in release |
| retroarch | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| tweeny | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| zam-plugins | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| zynaddsubfx | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |