Search CVE reports
71 – 80 of 105 results
Some fixes available 17 of 72
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
7 affected packages
ghostscript, openjpeg, openjpeg2, blender, insighttoolkit4...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ghostscript | Not affected | Not affected | Not affected | Not affected | Fixed |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 17 of 77
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
7 affected packages
texmaker, blender, ghostscript, insighttoolkit4, openjpeg...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Fixed |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 5 of 66
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param"...
17 affected packages
blender, chromium-browser, ivtools, xloadimage, neuron...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| blender | Not affected | Not affected | Not affected | Not affected | Not affected |
| chromium-browser | Not affected | Not affected | Not affected | Not in release | Not affected |
| ivtools | Not affected | Not affected | Not affected | Not affected | Not affected |
| xloadimage | Not affected | Not affected | Not affected | Not affected | Not affected |
| neuron | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
| openjpeg2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| qt4-x11 | Not in release | Not in release | Not in release | Not in release | Not affected |
| tiff | Not affected | Not affected | Not affected | Not affected | Fixed |
| qtimageformats-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit4 | Not in release | Not in release | Not affected | Not affected | Not affected |
| gdal | Not affected | Not affected | Not affected | Not affected | Not affected |
| libtk-img | Not affected | Not affected | Not affected | Not affected | Not affected |
| paraview | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
| povray | Not affected | Not affected | Not affected | Not affected | Not affected |
| sfftobmp | Not in release | Not affected | Not affected | Not affected | Not affected |
Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.
10 affected packages
calibre, chromium, texmaker, enchant, firefox...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| calibre | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| chromium | Not in release | Not in release | Not in release | Not in release | Not in release |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| enchant | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| firefox | Not affected | Not affected | Not affected | Not in release | Not affected |
| postbooks | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| thunderbird | Not affected | Not affected | Not affected | Not in release | Not affected |
| focuswriter | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| hunspell | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.
3 affected packages
gst-libav1.0, qtwebengine-opensource-src, ffmpeg
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ffmpeg | Not affected | Not affected | Not affected | Not affected | Not affected |
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties...
4 affected packages
gst-libav1.0, qtwebengine-opensource-src, vice, ffmpeg
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gst-libav1.0 | — | Not affected | Not affected | Not affected | Not affected |
| qtwebengine-opensource-src | — | Not affected | Not affected | Not affected | Not affected |
| vice | — | Not affected | Not affected | Not affected | Not affected |
| ffmpeg | — | Not affected | Not affected | Not affected | Not affected |
In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf.
3 affected packages
gst-libav1.0, qtwebengine-opensource-src, ffmpeg
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ffmpeg | Not affected | Not affected | Not affected | Not affected | Not affected |
Some fixes available 2 of 62
OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
8 affected packages
qtwebengine-opensource-src, blender, gdcm, ghostscript, insighttoolkit4...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjpeg2 | Not affected | Not affected | Not affected | Not affected | Fixed |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
In CompilationJob::FinalizeJob of compiler.cc, there is a possible remote code execution due to type confusion. This could lead to escalation of privilege from a malicious proxy configuration with no additional...
2 affected packages
chromium-browser, qtwebengine-opensource-src
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | — | — | — | Not affected |
| qtwebengine-opensource-src | — | — | — | — | Not affected |
Some fixes available 7 of 44
In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is...
7 affected packages
aom, godot, qtwebengine-opensource-src, chromium-browser, firefox...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| aom | Not affected | Not affected | Needs evaluation | Needs evaluation | Not in release |
| godot | Not in release | Fixed | Fixed | Fixed | Not in release |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| chromium-browser | Not affected | Not affected | Not affected | Not in release | Not affected |
| firefox | Not affected | Not affected | Not affected | Not in release | Not affected |
| libvpx | Not affected | Not affected | Not affected | Not affected | Fixed |
| thunderbird | Not affected | Not affected | Not affected | Not in release | Not affected |