Search CVE reports
121 – 130 of 184 results
CVE-2021-43519
Low priorityStack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
45 affected packages
ardour, bam, blobby, ceph, darktable...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ardour | Not affected | Not affected | Not affected | Not affected | Not affected |
bam | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
blobby | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ceph | Not affected | Not affected | Not affected | Not affected | Not affected |
darktable | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
eja | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
emscripten | Needs evaluation | Needs evaluation | — | Needs evaluation | Needs evaluation |
enigma | Not affected | Not affected | Not affected | Not affected | Not affected |
freeciv | Not affected | Not affected | Not affected | Not affected | Not affected |
freedroidrpg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
fs-uae | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
golly | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
goxel | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
grub2 | Not affected | Not affected | Not affected | Not affected | Not affected |
gtk2-engines | Not affected | Not affected | Not affected | Not affected | Not affected |
haskell-hslua | Not affected | Not affected | Not affected | Not affected | Not affected |
hedgewars | Not affected | Not affected | Not affected | Not affected | Not affected |
lua5.1 | Not affected | Not affected | Not affected | Not affected | Not affected |
lua5.2 | Not affected | Not affected | Not affected | Not affected | Not affected |
lua5.3 | Not affected | Not affected | Not affected | Not affected | Not affected |
lua5.4 | Not affected | Not affected | Not in release | Not in release | Not in release |
lua50 | Not in release | Not in release | Not affected | Not affected | Not affected |
luajit | Not affected | Not affected | Not affected | Not affected | Not affected |
mame | Not affected | Not affected | Not affected | Not affected | Not affected |
naev | Needs evaluation | Needs evaluation | Needs evaluation | — | Ignored |
openscenegraph | Not affected | Not affected | Not affected | Not affected | Not affected |
redis | Not affected | Not affected | Not affected | Not affected | Not affected |
rust-lua52-sys | Needs evaluation | Needs evaluation | Needs evaluation | — | Ignored |
scite | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
scorched3d | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
scummvm | Not affected | Not affected | Not affected | Not affected | Not affected |
spring | Not affected | Not affected | Not affected | Not affected | Not affected |
syslinux | Not affected | Not affected | Not affected | Not affected | Not affected |
syslinux-legacy | Not in release | Not in release | Not affected | Not affected | Not affected |
tagua | Not affected | Not affected | Not affected | Not affected | Not affected |
tarantool | Needs evaluation | Needs evaluation | Needs evaluation | — | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
tup | Needs evaluation | Needs evaluation | Needs evaluation | — | Ignored |
ufoai | Not affected | Not affected | Not affected | Not affected | Not affected |
vifm | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
wcc | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
wesnoth | — | — | — | — | Ignored |
widelands | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmoto | Not affected | Not affected | Not affected | Not affected | Not affected |
zfs-linux | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2020-15999
High prioritySome fixes available 14 of 15
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
18 affected packages
android, chromium-browser, firefox, freetype, godot...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
android | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
chromium-browser | Not affected | Not affected | Not affected | Fixed | Fixed |
firefox | Not affected | Not affected | Not affected | Not affected | Not affected |
freetype | Fixed | Fixed | Fixed | Fixed | Fixed |
godot | Not affected | Not affected | Not affected | Not in release | Not in release |
graphicsmagick | Not affected | Not affected | Not affected | Not affected | Not affected |
musescore | Not in release | Not in release | Not affected | Not affected | Not affected |
openjdk-12 | Not in release | Not in release | Not in release | Not in release | Not in release |
openjdk-13 | Not in release | Not in release | Not affected | Not in release | Not in release |
openjdk-15 | Not in release | Not in release | Not in release | Not in release | Not in release |
openjdk-lts | Not affected | Not affected | Not affected | Not affected | Not in release |
oxide-qt | Not in release | Not in release | Not in release | Not in release | Not affected |
paraview | Not affected | Not affected | Not affected | Not affected | Not affected |
qtbase-opensource-src | Not affected | Not affected | Not affected | Not affected | Not affected |
qtbase-opensource-src-gles | Not affected | Not affected | Not affected | Not in release | Not affected |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
texmaker | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2019-19601
Medium priorityOpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of an incorrect sprintf.
1 affected packages
texlive-bin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
texlive-bin | — | — | Not affected | Not affected | Not affected |
CVE-2019-18604
Low prioritySome fixes available 1 of 3
In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled.
1 affected packages
texlive-bin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
texlive-bin | Not affected | Not affected | Fixed | Not affected | Not affected |
CVE-2019-15903
Medium prioritySome fixes available 48 of 168
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a...
32 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
audacity | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
cableswig | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
chromium-browser | Fixed | Fixed | Fixed | Fixed | Fixed |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
expat | Not affected | Not affected | Not affected | Fixed | Fixed |
firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected | Needs evaluation |
kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
libxmltok | Vulnerable | Fixed | Fixed | Fixed | Fixed |
matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
poco | Not affected | Not affected | Not affected | Not affected | Not affected |
simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
smart | Not in release | Not in release | Not in release | Not affected | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
vnc4 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
vtk | Not in release | Not in release | Not in release | Not in release | Fixed |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2018-20843
Low prioritySome fixes available 21 of 108
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable...
32 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
audacity | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
cableswig | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
expat | Fixed | Fixed | Fixed | Fixed | Fixed |
firefox | Not affected | Not affected | Not affected | Not affected | Not affected |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected | Vulnerable |
kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
libxmltok | Vulnerable | Fixed | Fixed | Fixed | Fixed |
matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
poco | Not affected | Not affected | Not affected | Not affected | Not affected |
simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Not affected | Not affected | Not affected | Not affected |
smart | Not in release | Not in release | Not in release | Not affected | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Not affected | Not affected | Not affected | Not affected | Not affected |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
vtk | Not in release | Not in release | Not in release | Not in release | Fixed |
wbxml2 | Not affected | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2019-12493
Negligible priorityA stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered...
7 affected packages
emscripten, ipe, libextractor, poppler, texlive-bin...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
emscripten | Ignored | Ignored | Not in release | Ignored | Ignored |
ipe | Not affected | Not affected | Not affected | Not affected | Not affected |
libextractor | Not affected | Not affected | Not affected | Not affected | Not affected |
poppler | Not affected | Not affected | Not affected | Not affected | Not affected |
texlive-bin | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
utopia-documents | Not in release | Not in release | Not in release | Not in release | Not in release |
xpdf | Not affected | Not affected | Not in release | Not affected | Not affected |
CVE-2019-12360
Low priorityA stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an...
7 affected packages
emscripten, ipe, libextractor, poppler, texlive-bin...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
emscripten | Ignored | Ignored | Not in release | Ignored | Ignored |
ipe | Not affected | Not affected | Not affected | Not affected | Not affected |
libextractor | Not affected | Not affected | Not affected | Not affected | Not affected |
poppler | Not affected | Not affected | Not affected | Not affected | Not affected |
texlive-bin | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
utopia-documents | Not in release | Not in release | Not in release | Not in release | Not in release |
xpdf | Not affected | Not affected | Not in release | Not affected | Not affected |
CVE-2019-9589
Low priorityThere is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an...
6 affected packages
ipe, libextractor, poppler, texlive-bin, utopia-documents, xpdf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ipe | — | Not affected | Not affected | Not affected | Not affected |
libextractor | — | Not affected | Not affected | Not affected | Not affected |
poppler | — | Not affected | Not affected | Not affected | Not affected |
texlive-bin | — | Not affected | Not affected | Not affected | Not affected |
utopia-documents | — | Not in release | Not in release | Not in release | Not in release |
xpdf | — | Not affected | Not in release | Not affected | Not affected |
CVE-2019-9588
Low priorityThere is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service...
6 affected packages
ipe, libextractor, poppler, texlive-bin, utopia-documents, xpdf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ipe | Not affected | Not affected | Not affected | Not affected | Not affected |
libextractor | Not affected | Not affected | Not affected | Not affected | Not affected |
poppler | Not affected | Not affected | Not affected | Not affected | Not affected |
texlive-bin | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
utopia-documents | Not in release | Not in release | Not in release | Not in release | Not in release |
xpdf | Not affected | Not affected | Not in release | Not affected | Not affected |