Search CVE reports
1 – 10 of 17 results
CVE-2021-46244
Low priorityA Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an aritmetic exception, leading to a Denial of Service (DoS).
8 affected packages
hdf5, insighttoolkit4, kissplice, paraview, r-bloc-rhdf5...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
hdf5 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
kissplice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
paraview | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
r-bloc-rhdf5 | — | — | — | — | Ignored |
vtk | — | — | — | — | Needs evaluation |
vtk6 | — | — | Needs evaluation | Needs evaluation | Needs evaluation |
xdmf | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-46243
Medium priorityAn untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS).
6 affected packages
hdf5, insighttoolkit4, kissplice, paraview, vtk, xdmf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
hdf5 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
kissplice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
paraview | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
vtk | — | — | — | — | Needs evaluation |
xdmf | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-46242
Medium priorityHDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry.
6 affected packages
hdf5, insighttoolkit4, kissplice, paraview, vtk, xdmf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
hdf5 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
kissplice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
paraview | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
vtk | — | — | — | — | Needs evaluation |
xdmf | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-46143
Medium prioritySome fixes available 26 of 287
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
50 affected packages
apache2, apr-util, astropy, audacity, ayttm...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
astropy | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
audacity | Not affected | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
cableswig | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coda | Needs evaluation | Needs evaluation | Needs evaluation | — | Ignored |
coin3 | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
emboss | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed | Fixed |
firefox | Fixed | Fixed | Fixed | Fixed | Ignored |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
harp | Needs evaluation | Needs evaluation | Needs evaluation | — | Ignored |
ibm-3270 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
insighttoolkit | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected | Needs evaluation |
insighttoolkit5 | Needs evaluation | Needs evaluation | — | — | Ignored |
libsynthesis | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Fixed | Fixed | Fixed | Fixed | Fixed |
mame | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
opencollada | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
paraview | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
poco | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
python2.7 | Not in release | Not affected | Not affected | Not affected | Not affected |
python3.10 | Not in release | Not affected | Not in release | Not in release | Not in release |
python3.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release | Not affected |
python3.6 | Not in release | Not in release | Not in release | Not affected | Not in release |
python3.7 | Not in release | Not in release | Not in release | Not affected | Not in release |
python3.8 | Not in release | Not in release | Not affected | Not affected | Not in release |
python3.9 | Not in release | Not in release | Not affected | Not in release | Not in release |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
sitecopy | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
smart | Not in release | Not in release | Not in release | Not affected | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | Ignored | Ignored |
tla | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
visp | Needs evaluation | Needs evaluation | — | Needs evaluation | Needs evaluation |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
vtk | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc | — | — | — | — | Ignored |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xsd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-45833
Medium priorityA Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent).
3 affected packages
hdf5, insighttoolkit5, paraview
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
hdf5 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
insighttoolkit5 | Needs evaluation | Needs evaluation | — | — | Ignored |
paraview | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-45832
Medium priorityA Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent).
3 affected packages
hdf5, insighttoolkit5, paraview
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
hdf5 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
insighttoolkit5 | Needs evaluation | Needs evaluation | — | — | Ignored |
paraview | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-45830
Medium priorityA heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service.
3 affected packages
hdf5, insighttoolkit5, paraview
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
hdf5 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
insighttoolkit5 | Needs evaluation | Needs evaluation | — | — | Ignored |
paraview | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-45829
Medium priorityHDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denial of Service.
3 affected packages
hdf5, insighttoolkit5, paraview
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
hdf5 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
insighttoolkit5 | Needs evaluation | Needs evaluation | — | — | Ignored |
paraview | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-15999
High prioritySome fixes available 15 of 16
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
18 affected packages
android, chromium-browser, firefox, freetype, godot...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
android | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
chromium-browser | Not affected | Not affected | Not affected | Fixed | Fixed |
firefox | Not affected | Not affected | Not affected | Not affected | Not affected |
freetype | Fixed | Fixed | Fixed | Fixed | Fixed |
godot | Not affected | Not affected | Not affected | Not in release | Not in release |
graphicsmagick | Not affected | Not affected | Not affected | Not affected | Not affected |
musescore | Not in release | Not in release | Not affected | Not affected | Not affected |
openjdk-12 | Not in release | Not in release | Not in release | Not in release | Not in release |
openjdk-13 | Not in release | Not in release | Not affected | Not in release | Not in release |
openjdk-15 | Not in release | Not in release | Not in release | Not in release | Not in release |
openjdk-lts | Not affected | Not affected | Not affected | Not affected | Not in release |
oxide-qt | Not in release | Not in release | Not in release | Not in release | Not affected |
paraview | Not affected | Not affected | Not affected | Not affected | Not affected |
qtbase-opensource-src | Not affected | Not affected | Not affected | Not affected | Not affected |
qtbase-opensource-src-gles | Not affected | Not affected | Not affected | Not in release | Not affected |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
texmaker | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2019-17546
Medium prioritySome fixes available 5 of 56
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param"...
17 affected packages
blender, chromium-browser, gdal, insighttoolkit4, ivtools...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
blender | Not affected | Not affected | Not affected | Not affected | Not affected |
chromium-browser | Not affected | Not affected | Not affected | Not affected | Not affected |
gdal | Not affected | Not affected | Not affected | Not affected | Vulnerable |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected | Not affected |
ivtools | Not affected | Not affected | Not affected | Not affected | Not affected |
libtk-img | Not affected | Not affected | Not affected | Not affected | Not affected |
neuron | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
openjpeg2 | Not affected | Not affected | Not affected | Not affected | Not affected |
paraview | Not affected | Not affected | Not affected | Not affected | Not affected |
povray | Not affected | Not affected | Not affected | Not affected | Not affected |
qt4-x11 | Not in release | Not in release | Not in release | Not affected | Not affected |
qtimageformats-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
sfftobmp | Not affected | Not affected | Not affected | Not affected | Not affected |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not affected |
tiff | Not affected | Not affected | Not affected | Fixed | Fixed |
xloadimage | Not affected | Not affected | Not affected | Not affected | Not affected |