Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 81 results


CVE-2024-7006

Medium priority

Some fixes available 6 of 20

A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults,...

5 affected packages

gdal, neuron, qtwebengine-opensource-src, texmaker, tiff

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gdal Not affected Not affected Not affected Not affected Needs evaluation
neuron Not affected Needs evaluation Needs evaluation Needs evaluation
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tiff Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-6716

Low priority
Vulnerable

Rejected reason: Invalid security issue.

5 affected packages

gdal, neuron, qtwebengine-opensource-src, texmaker, tiff

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gdal Not affected Not affected Not affected Not affected Needs evaluation
neuron Not affected Needs evaluation Needs evaluation Needs evaluation
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tiff Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2023-39329

Medium priority
Vulnerable

A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service.

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ghostscript Not affected Not affected Not affected Needs evaluation Needs evaluation
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openjpeg Not in release Not in release Not in release Needs evaluation
openjpeg2 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 7 packages Show less packages

CVE-2023-39327

Medium priority
Vulnerable

A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ghostscript Not affected Not affected Not affected Needs evaluation Needs evaluation
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openjpeg Not in release Not in release Not in release Needs evaluation
openjpeg2 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 7 packages Show less packages

CVE-2023-39328

Medium priority
Vulnerable

A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file.

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ghostscript Not affected Not affected Not affected Needs evaluation Needs evaluation
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openjpeg Not in release Not in release Not in release Needs evaluation
openjpeg2 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 7 packages Show less packages

CVE-2023-52356

Medium priority

Some fixes available 7 of 20

A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

4 affected packages

gdal, qtwebengine-opensource-src, texmaker, tiff

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gdal Not affected Not affected Not affected Not affected Needs evaluation
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tiff Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2023-52355

Negligible priority
Ignored

An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a...

5 affected packages

gdal, neuron, qtwebengine-opensource-src, texmaker, tiff

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
gdal Not affected Not affected Not affected Ignored
neuron Ignored Ignored Ignored Not in release
qtwebengine-opensource-src Ignored Ignored Ignored Not in release
texmaker Ignored Ignored Ignored Ignored
tiff Ignored Ignored Ignored Ignored
Show less packages

CVE-2023-45311

Medium priority
Needs evaluation

fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that...

2 affected packages

npm, qtwebengine-opensource-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
npm Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
Show less packages

CVE-2023-39616

Medium priority
Needs evaluation

AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h.

2 affected packages

qt6-webengine, qtwebengine-opensource-src

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
qt6-webengine Needs evaluation Needs evaluation Not in release Ignored Ignored
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
Show less packages

CVE-2022-34300

Low priority
Needs evaluation

In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData.

12 affected packages

asymptote, chromium-browser, godot, goxel, love...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
asymptote Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
chromium-browser Not affected Not affected Not affected Not affected Ignored
godot Needs evaluation Needs evaluation Needs evaluation
goxel Needs evaluation Needs evaluation Needs evaluation Needs evaluation
love Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
mame Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
psychtoolbox-3 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
qt6-webengine Needs evaluation Needs evaluation
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rbdoom3bfg Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
renderdoc Not in release Needs evaluation Needs evaluation
tinyexr Needs evaluation Needs evaluation
Show all 12 packages Show less packages