Search CVE reports


211 – 220 of 254 results


CVE-2016-7977

Medium priority
Fixed

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.

1 affected package

ghostscript

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ghostscript

CVE-2016-7976

Medium priority
Fixed

The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams.

1 affected package

ghostscript

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ghostscript

CVE-2016-5300

Medium priority

Some fixes available 5 of 101

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this...

31 affected packages

apache2, apr-util, cmake, poco, sitecopy...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected
poco Not affected Not affected Not affected Not affected
sitecopy Not in release Not affected Not affected Not affected
tla Not affected Not affected Not affected Not affected
cadaver Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release
audacity Not affected Not affected Not affected Not affected
matanza Not affected Not affected Not affected Not affected
cableswig Not in release Not in release Not in release Not in release
xmlrpc-c Vulnerable Vulnerable Vulnerable Vulnerable
ghostscript Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release
xotcl Not affected Not affected Not affected Not affected
expat Not affected Not affected Not affected Not affected
libxmltok Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Not affected
gdcm Not affected Not affected Not affected Not affected
smart Not in release Not in release Not in release Not affected
vtk Not in release Not in release Not in release Not in release
kompozer Not in release Not in release Not in release Not in release
libparagui1.1 Not in release Not in release Not in release Not in release
simgear Not affected Not affected Not affected Not affected
swish-e Not affected Not affected Not affected Not affected
tdom Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Ignored
wbxml2 Not affected Not affected Not affected Not affected
wxwidgets2.6 Not in release Not in release Not in release Not in release
wxwidgets2.8 Not in release Not in release Not in release Not in release

CVE-2013-7455

Medium priority
Fixed

Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default...

2 affected packages

ghostscript, lcms2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ghostscript
lcms2

CVE-2015-3228

Medium priority
Fixed

Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the...

1 affected package

ghostscript

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ghostscript

CVE-2015-1283

Medium priority

Some fixes available 42 of 255

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or...

33 affected packages

cmake, ghostscript, texlive-bin, libparagui1.1, ayttm...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
cmake Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected
libparagui1.1 Not in release Not in release Not in release Not in release
ayttm Not in release Not in release Not in release Not in release
audacity Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored
smart Not in release Not in release Not in release Not affected
vtk Not in release Not in release Not in release Not in release
expat Not affected Not affected Not affected Not affected
apache2 Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected
poco Not affected Not affected Not affected Not affected
sitecopy Not in release Not affected Not affected Not affected
swish-e Vulnerable Vulnerable Vulnerable Vulnerable
cadaver Vulnerable Vulnerable Vulnerable Vulnerable
cableswig Not in release Not in release Not in release Not in release
chromium-browser Fixed Fixed Fixed Fixed
coin3 Vulnerable Vulnerable Vulnerable Vulnerable
gdcm Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release
kompozer Not in release Not in release Not in release Not in release
oxide-qt Not in release Not in release Not in release Not in release
simgear Not affected Not affected Not affected Not affected
tdom Not affected Not affected Not affected Not affected
tla Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Vulnerable
wbxml2 Not affected Not affected Not affected Not affected
wxwidgets2.6 Not in release Not in release Not in release Not in release
libxmltok Fixed Fixed Fixed Fixed
xmlrpc-c Vulnerable Vulnerable Vulnerable Vulnerable
wxwidgets2.8 Not in release Not in release Not in release Not in release
xotcl Not affected Not affected Not affected Not affected

CVE-2014-8158

Medium priority

Some fixes available 4 of 5

Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.

3 affected packages

ghostscript, jasper, netpbm-free

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ghostscript
jasper
netpbm-free

CVE-2014-8157

Medium priority

Some fixes available 4 of 5

Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a...

3 affected packages

ghostscript, jasper, netpbm-free

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ghostscript
jasper
netpbm-free

CVE-2014-8138

Medium priority

Some fixes available 4 of 5

Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.

3 affected packages

ghostscript, jasper, netpbm-free

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ghostscript
jasper
netpbm-free

CVE-2014-8137

Low priority

Some fixes available 4 of 5

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a...

3 affected packages

ghostscript, jasper, netpbm-free

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ghostscript
jasper
netpbm-free