Search CVE reports
1 – 10 of 50 results
CVE-2024-50602
Medium priorityAn issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | — | Needs evaluation |
cableswig | Not in release | Not in release | Not in release | — | Needs evaluation |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
expat | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
firefox | Not affected | Not affected | Not affected | — | — |
gdcm | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
smart | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | — | — |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
vtk | Not in release | Not in release | Not in release | — | Needs evaluation |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-45492
Medium prioritySome fixes available 6 of 61
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | — | Needs evaluation |
cableswig | Not in release | Not in release | Not in release | — | Needs evaluation |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed | Fixed |
firefox | Not affected | Not affected | Not affected | — | — |
gdcm | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Not affected | Not affected | Not affected | Not affected | Not affected |
matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
smart | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | — | — |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
vtk | Not in release | Not in release | Not in release | — | Needs evaluation |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-45491
Medium prioritySome fixes available 12 of 67
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | — | Needs evaluation |
cableswig | Not in release | Not in release | Not in release | — | Needs evaluation |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed | Fixed |
firefox | Not affected | Not affected | Not affected | — | — |
gdcm | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Fixed | Fixed | Fixed | Fixed | Fixed |
matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
smart | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | — | — |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
vtk | Not in release | Not in release | Not in release | — | Needs evaluation |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-45490
Medium prioritySome fixes available 12 of 67
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | — | Needs evaluation |
cableswig | Not in release | Not in release | Not in release | — | Needs evaluation |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed | Fixed |
firefox | Not affected | Not affected | Not affected | — | — |
gdcm | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Fixed | Fixed | Fixed | Fixed | Fixed |
matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
smart | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | — | — |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
vtk | Not in release | Not in release | Not in release | — | Needs evaluation |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-25569
Medium priorityAn out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to an out-of-bounds read. An attacker can provide a...
1 affected packages
gdcm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gdcm | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-22391
Medium priorityA heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a...
1 affected packages
gdcm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gdcm | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-22373
Medium priorityAn out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can...
1 affected packages
gdcm
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gdcm | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-28757
Medium prioritySome fixes available 2 of 74
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | — | Needs evaluation |
cableswig | Not in release | Not in release | Not in release | — | Needs evaluation |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
expat | Not affected | Fixed | Ignored | Ignored | Ignored |
firefox | Not affected | Not affected | Not affected | — | — |
gdcm | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Ignored | Ignored | Ignored | Ignored | Ignored |
matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
smart | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | — | — |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
vtk | Not in release | Not in release | Not in release | — | Needs evaluation |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-52426
Medium prioritySome fixes available 2 of 50
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
cableswig | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
expat | Fixed | Not affected | Not affected | Not affected | Not affected |
firefox | Not affected | Not affected | Not affected | Ignored | Ignored |
gdcm | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Not affected | Not affected | Not affected | Not affected | Not affected |
matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
smart | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | Ignored | Ignored |
vnc4 | Not in release | Not in release | Not in release | Not affected | Not affected |
vtk | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
wbxml2 | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
xmlrpc-c | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
CVE-2023-52425
Medium prioritySome fixes available 4 of 77
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
cableswig | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
expat | Fixed | Fixed | Ignored | Ignored | Ignored |
firefox | Not affected | Not affected | Not affected | Ignored | Ignored |
gdcm | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Ignored | Ignored | Ignored | Ignored | Ignored |
matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
smart | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | Ignored | Ignored |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
vtk | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |