
Search CVE reports



1 – 10 of 13 results


CVE-2023-43281

Medium priority
Needs evaluation

Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.

14 affected packages

arm-compute-library, armnn, bibledit, bibledit-cloud, emscripten...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
arm-compute-library Needs evaluation Needs evaluation Not in release Ignored Ignored
armnn Needs evaluation Needs evaluation Not in release Ignored Ignored
bibledit Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
bibledit-cloud Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
emscripten Needs evaluation Needs evaluation Not in release Needs evaluation Needs evaluation
goxel Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
libsfml Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libstb Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
love Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
mame Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
timg Needs evaluation Needs evaluation Not in release Ignored Ignored
tiny-dnn Needs evaluation Not in release Not in release Ignored Ignored
utox Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
visp Needs evaluation Needs evaluation Not in release Needs evaluation Needs evaluation

CVE-2022-36561

Low priority
Needs evaluation

XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538.

4 affected packages

emscripten, ipe, texlive-bin, xpdf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emscripten Needs evaluation Needs evaluation Not in release Needs evaluation Needs evaluation
ipe Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xpdf Not affected Not affected Not in release Not affected Needs evaluation

CVE-2022-24107

Medium priority
Needs evaluation

Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.

4 affected packages

emscripten, ipe, texlive-bin, xpdf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emscripten Needs evaluation Needs evaluation Not in release Needs evaluation Needs evaluation
ipe Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xpdf Not affected Not affected Not in release Not affected Needs evaluation

CVE-2022-24106

Medium priority
Needs evaluation

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.

4 affected packages

emscripten, ipe, texlive-bin, xpdf

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emscripten Needs evaluation Needs evaluation Not in release Needs evaluation Needs evaluation
ipe Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xpdf Not affected Not affected Not in release Not affected Needs evaluation

CVE-2022-38784

Medium priority

Some fixes available 4 of 12

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the...

2 affected packages

emscripten, poppler

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emscripten Needs evaluation Needs evaluation Not in release Needs evaluation Needs evaluation
poppler Not affected Fixed Fixed Fixed Fixed

CVE-2021-43519

Low priority
Needs evaluation

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.

45 affected packages

ardour, bam, blobby, ceph, darktable...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ardour Not affected Not affected Not affected Not affected Not affected
bam Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
blobby Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ceph Not affected Not affected Not affected Not affected Not affected
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
eja Not in release Needs evaluation Needs evaluation Needs evaluation Ignored
emscripten Needs evaluation Needs evaluation Needs evaluation Needs evaluation
enigma Not affected Not affected Not affected Not affected Not affected
freeciv Not affected Not affected Not affected Not affected Not affected
freedroidrpg Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
fs-uae Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golly Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
goxel Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
grub2 Not affected Not affected Not affected Not affected Not affected
gtk2-engines Not affected Not affected Not affected Not affected Not affected
haskell-hslua Not affected Not affected Not affected Not affected Not affected
hedgewars Not affected Not affected Not affected Not affected Not affected
lua5.1 Not affected Not affected Not affected Not affected Not affected
lua5.2 Not affected Not affected Not affected Not affected Not affected
lua5.3 Not affected Not affected Not affected Not affected Not affected
lua5.4 Not affected Not affected Not in release Not in release Not in release
lua50 Not in release Not in release Not affected Not affected Not affected
luajit Not affected Not affected Not affected Not affected Not affected
mame Not affected Not affected Not affected Not affected Not affected
naev Needs evaluation Needs evaluation Needs evaluation Ignored
openscenegraph Not affected Not affected Not affected Not affected Not affected
redis Not affected Not affected Not affected Not affected Not affected
rust-lua52-sys Needs evaluation Needs evaluation Needs evaluation Ignored
scite Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
scorched3d Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
scummvm Not affected Not affected Not affected Not affected Not affected
spring Not affected Not affected Not affected Not affected Not affected
syslinux Not affected Not affected Not affected Not affected Not affected
syslinux-legacy Not in release Not in release Not affected Not affected Not affected
tagua Not affected Not affected Not affected Not affected Not affected
tarantool Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected Not affected
tup Needs evaluation Needs evaluation Needs evaluation Ignored
ufoai Not affected Not affected Not affected Not affected Not affected
vifm Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
wcc Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
wesnoth Ignored
widelands Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmoto Not affected Not affected Not affected Not affected Not affected
zfs-linux Not affected Not affected Not affected Not affected Not affected

CVE-2019-9959

Low priority

Some fixes available 2 of 15

The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size...

2 affected packages

emscripten, poppler

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
emscripten Ignored Ignored Not in release Ignored Ignored
poppler Not affected Not affected Not affected Fixed Fixed

CVE-2019-12973

Low priority

Some fixes available 12 of 85

In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to...

9 affected packages

blender, emscripten, gdcm, ghostscript, insighttoolkit4...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
emscripten Ignored Ignored Not in release Ignored Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openjpeg Not in release Not in release Not in release Not in release Not affected
openjpeg2 Fixed Fixed Fixed Fixed Fixed
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2018-20847

Medium priority

Some fixes available 1 of 72

An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.

8 affected packages

blender, emscripten, gdcm, insighttoolkit4, openjpeg...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
emscripten Ignored Ignored Not in release Ignored Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openjpeg Not in release Not in release Not in release Not in release Not affected
openjpeg2 Not affected Not affected Not affected Not affected Fixed
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2018-20846

Medium priority
Needs evaluation

Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service...

8 affected packages

blender, emscripten, gdcm, insighttoolkit4, openjpeg...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
emscripten Ignored Ignored Not in release Ignored Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openjpeg Not in release Not in release Not in release Not in release Not affected
openjpeg2 Not affected Not affected Not affected Not affected Not affected
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation