Search CVE reports
1 – 10 of 217 results
CVE-2024-45492
Medium prioritySome fixes available 6 of 55
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | — | Needs evaluation |
cableswig | Not in release | Not in release | Not in release | — | Needs evaluation |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed | Fixed |
firefox | Not affected | Not affected | Not affected | — | — |
gdcm | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Not affected | Not affected | Not affected | Not affected | Not affected |
matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
smart | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | — | — |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
vtk | Not in release | Not in release | Not in release | — | Needs evaluation |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-45491
Medium prioritySome fixes available 11 of 60
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | — | Needs evaluation |
cableswig | Not in release | Not in release | Not in release | — | Needs evaluation |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed | Fixed |
firefox | Not affected | Not affected | Not affected | — | — |
gdcm | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Fixed | Fixed | Fixed | Fixed | Fixed |
matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
smart | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | — | — |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
vtk | Not in release | Not in release | Not in release | — | Needs evaluation |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-45490
Medium prioritySome fixes available 11 of 60
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
23 affected packages
apache2, apr-util, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | — | Needs evaluation |
cableswig | Not in release | Not in release | Not in release | — | Needs evaluation |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed | Fixed |
firefox | Not affected | Not affected | Not affected | — | — |
gdcm | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Fixed | Fixed | Fixed | Fixed | Fixed |
matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
smart | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | — | — |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
vtk | Not in release | Not in release | Not in release | — | Needs evaluation |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-39329
Medium priorityA flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service.
7 affected packages
blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
openjpeg | Not in release | Not in release | Not in release | — | Needs evaluation |
openjpeg2 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-39327
Medium prioritySome fixes available 5 of 31
A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.
7 affected packages
blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
openjpeg | Not in release | Not in release | Not in release | — | Needs evaluation |
openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-39328
Medium priorityA vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file.
7 affected packages
blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
openjpeg | Not in release | Not in release | Not in release | — | Needs evaluation |
openjpeg2 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-29511
Medium prioritySome fixes available 2 of 3
Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation...
1 affected packages
ghostscript
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ghostscript | Fixed | Fixed | Not affected | Not affected | Not affected |
CVE-2024-29507
Medium prioritySome fixes available 1 of 2
Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.
1 affected packages
ghostscript
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ghostscript | Fixed | Not affected | Not affected | Not affected | Not affected |
CVE-2024-29509
Medium prioritySome fixes available 2 of 3
Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle.
1 affected packages
ghostscript
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ghostscript | Fixed | Fixed | Not affected | Not affected | Not affected |
CVE-2024-29508
Medium prioritySome fixes available 3 of 6
Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.
1 affected packages
ghostscript
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ghostscript | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |