Search CVE reports
1 – 10 of 81 results
CVE-2024-7006
Medium priority
Some fixes available 6 of 20
A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults,...
5 affected packages
gdal, neuron, qtwebengine-opensource-src, texmaker, tiff
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gdal | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
neuron | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | — |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tiff | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2024-6716
Low priority
Rejected reason: Invalid security issue.
5 affected packages
gdal, neuron, qtwebengine-opensource-src, texmaker, tiff
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gdal | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
neuron | Not affected | Needs evaluation | Needs evaluation | Needs evaluation | — |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tiff | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2023-39329
Medium priority
A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service.
7 affected packages
blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
openjpeg | Not in release | Not in release | Not in release | — | Needs evaluation |
openjpeg2 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-39327
Medium priority
A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.
7 affected packages
blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
openjpeg | Not in release | Not in release | Not in release | — | Needs evaluation |
openjpeg2 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-39328
Medium priority
A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file.
7 affected packages
blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
openjpeg | Not in release | Not in release | Not in release | — | Needs evaluation |
openjpeg2 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-52356
Medium priority
Some fixes available 7 of 20
A segmentation fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted TIFF file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
4 affected packages
gdal, qtwebengine-opensource-src, texmaker, tiff
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gdal | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tiff | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2023-52355
Negligible priority
An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a...
5 affected packages
gdal, neuron, qtwebengine-opensource-src, texmaker, tiff
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gdal | — | Not affected | Not affected | Not affected | Ignored |
neuron | — | Ignored | Ignored | Ignored | Not in release |
qtwebengine-opensource-src | — | Ignored | Ignored | Ignored | Not in release |
texmaker | — | Ignored | Ignored | Ignored | Ignored |
tiff | — | Ignored | Ignored | Ignored | Ignored |
CVE-2023-45311
Medium priority
fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that...
2 affected packages
npm, qtwebengine-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
npm | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
CVE-2023-39616
Medium priority
AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h.
2 affected packages
qt6-webengine, qtwebengine-opensource-src
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
qt6-webengine | Needs evaluation | Needs evaluation | Not in release | Ignored | Ignored |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
CVE-2022-34300
Low priority
In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData.
12 affected packages
asymptote, chromium-browser, godot, goxel, love...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
asymptote | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
chromium-browser | Not affected | Not affected | Not affected | Not affected | Ignored |
godot | Needs evaluation | Needs evaluation | Needs evaluation | — | — |
goxel | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
love | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
mame | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
psychtoolbox-3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
qt6-webengine | Needs evaluation | Needs evaluation | — | — | — |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
rbdoom3bfg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
renderdoc | Not in release | Needs evaluation | Needs evaluation | — | — |
tinyexr | Needs evaluation | Needs evaluation | — | — | — |