Search CVE reports
221 – 230 of 254 results
Some fixes available 4 of 5
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which...
2 affected packages
ghostscript, jasper
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | — | — | — | — |
| jasper | — | — | — | — |
Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability...
4 affected packages
ghostscript, gs-afpl, gs-esp, gs-gpl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | — | — | — | — |
| gs-afpl | — | — | — | — |
| gs-esp | — | — | — | — |
| gs-gpl | — | — | — | — |
expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption),...
40 affected packages
gdcm, apache2, apr-util, audacity, ayttm...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gdcm | — | — | — | — |
| apache2 | — | — | — | — |
| apr-util | — | — | — | — |
| audacity | — | — | — | — |
| ayttm | — | — | — | — |
| cableswig | — | — | — | — |
| cadaver | — | — | — | — |
| celementtree | — | — | — | — |
| cmake | — | — | — | — |
| coin3 | — | — | — | — |
| expat | — | — | — | — |
| ghostscript | — | — | — | — |
| grmonitor | — | — | — | — |
| insighttoolkit | — | — | — | — |
| kompozer | — | — | — | — |
| libparagui1.1 | — | — | — | — |
| matanza | — | — | — | — |
| paraview | — | — | — | — |
| poco | — | — | — | — |
| python-xml | — | — | — | — |
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
| python2.6 | — | — | — | — |
| simgear | — | — | — | — |
| sitecopy | — | — | — | — |
| smart | — | — | — | — |
| swish-e | — | — | — | — |
| tdom | — | — | — | — |
| texlive-bin | — | — | — | — |
| tla | — | — | — | — |
| vnc4 | — | — | — | — |
| vtk | — | — | — | — |
| w3c-libwww | — | — | — | — |
| wbxml2 | — | — | — | — |
| wxwidgets2.6 | — | — | — | — |
| wxwidgets2.8 | — | — | — | — |
| wxwindows2.4 | — | — | — | — |
| xmlrpc-c | — | — | — | — |
| xotcl | — | — | — | — |
| xulrunner | — | — | — | — |
The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.
1 affected package
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | — | — | — | — |
Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to...
3 affected packages
lcms, ghostscript, lcms2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| lcms | — | — | — | Not in release |
| ghostscript | — | — | — | Not affected |
| lcms2 | — | — | — | Not affected |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
40 affected packages
tdom, apache2, apr-util, audacity, ayttm...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tdom | — | — | — | — |
| apache2 | — | — | — | — |
| apr-util | — | — | — | — |
| audacity | — | — | — | — |
| ayttm | — | — | — | — |
| cableswig | — | — | — | — |
| cadaver | — | — | — | — |
| celementtree | — | — | — | — |
| cmake | — | — | — | — |
| coin3 | — | — | — | — |
| expat | — | — | — | — |
| gdcm | — | — | — | — |
| ghostscript | — | — | — | — |
| grmonitor | — | — | — | — |
| insighttoolkit | — | — | — | — |
| kompozer | — | — | — | — |
| libparagui1.1 | — | — | — | — |
| matanza | — | — | — | — |
| paraview | — | — | — | — |
| poco | — | — | — | — |
| python-xml | — | — | — | — |
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
| python2.6 | — | — | — | — |
| simgear | — | — | — | — |
| sitecopy | — | — | — | — |
| smart | — | — | — | — |
| swish-e | — | — | — | — |
| texlive-bin | — | — | — | — |
| tla | — | — | — | — |
| vnc4 | — | — | — | — |
| vtk | — | — | — | — |
| w3c-libwww | — | — | — | — |
| wbxml2 | — | — | — | — |
| wxwidgets2.6 | — | — | — | — |
| wxwidgets2.8 | — | — | — | — |
| wxwindows2.4 | — | — | — | — |
| xmlrpc-c | — | — | — | — |
| xotcl | — | — | — | — |
| xulrunner | — | — | — | — |
Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves,...
3 affected packages
ghostscript, lcms, lcms2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | — | — | — | — |
| lcms | — | — | — | — |
| lcms2 | — | — | — | — |
Some fixes available 5 of 107
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
32 affected packages
ayttm, apache2, cmake, ghostscript, paraview...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ayttm | Not in release | Not in release | Not in release | Not in release |
| apache2 | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected |
| paraview | Not affected | Not affected | Not affected | Not affected |
| libparagui1.1 | Not in release | Not in release | Not in release | Not in release |
| audacity | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected |
| cableswig | Not in release | Not in release | Not in release | Not in release |
| cadaver | Not affected | Not affected | Not affected | Not affected |
| expat | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| libxmltok | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release |
| coin3 | Not affected | Not affected | Not affected | Not affected |
| gdcm | Not affected | Not affected | Not affected | Not affected |
| kompozer | Not in release | Not in release | Not in release | Not in release |
| matanza | Not affected | Not affected | Not affected | Not affected |
| poco | Not affected | Not affected | Not affected | Not affected |
| simgear | Not affected | Not affected | Not affected | Not affected |
| sitecopy | Not in release | Not affected | Not affected | Not affected |
| smart | Not in release | Not in release | Not in release | Not affected |
| swish-e | Not affected | Not affected | Not affected | Not affected |
| tdom | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
| tla | Not affected | Not affected | Not affected | Not affected |
| vnc4 | Not in release | Not in release | Not in release | Ignored |
| vtk | Not in release | Not in release | Not in release | Not in release |
| wbxml2 | Not affected | Not affected | Not affected | Not affected |
| wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release |
| wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release |
| xotcl | Not affected | Not affected | Not affected | Not affected |
Some fixes available 2 of 6
Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial...
5 affected packages
argyll, ghostscript, gs-afpl, gs-esp, gs-gpl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| argyll | — | — | — | — |
| ghostscript | — | — | — | — |
| gs-afpl | — | — | — | — |
| gs-esp | — | — | — | — |
| gs-gpl | — | — | — | — |
readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
40 affected packages
expat, apr-util, audacity, ayttm, cableswig...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| expat | — | — | — | Not affected |
| apr-util | — | — | — | Ignored |
| audacity | — | — | — | Not affected |
| ayttm | — | — | — | Not in release |
| cableswig | — | — | — | Not in release |
| cadaver | — | — | — | Not affected |
| coin3 | — | — | — | Not affected |
| gdcm | — | — | — | Not affected |
| insighttoolkit | — | — | — | Not in release |
| matanza | — | — | — | Not affected |
| paraview | — | — | — | Not affected |
| poco | — | — | — | Not affected |
| simgear | — | — | — | Not affected |
| sitecopy | — | — | — | Not affected |
| swish-e | — | — | — | Not affected |
| tdom | — | — | — | Not affected |
| texlive-bin | — | — | — | Ignored |
| tla | — | — | — | Not affected |
| vnc4 | — | — | — | Ignored |
| vtk | — | — | — | Not in release |
| wbxml2 | — | — | — | Not affected |
| wxwidgets2.8 | — | — | — | Not in release |
| apache2 | — | — | — | Ignored |
| celementtree | — | — | — | Not in release |
| cmake | — | — | — | Ignored |
| ghostscript | — | — | — | Ignored |
| grmonitor | — | — | — | Not in release |
| kompozer | — | — | — | Not in release |
| libparagui1.1 | — | — | — | Not in release |
| python-xml | — | — | — | Not in release |
| python2.4 | — | — | — | Not in release |
| python2.5 | — | — | — | Not in release |
| python2.6 | — | — | — | Not in release |
| smart | — | — | — | Ignored |
| w3c-libwww | — | — | — | Not in release |
| wxwidgets2.6 | — | — | — | Not in release |
| wxwindows2.4 | — | — | — | Not in release |
| xmlrpc-c | — | — | — | Ignored |
| xotcl | — | — | — | Not affected |
| xulrunner | — | — | — | Not in release |