Search CVE reports
181 – 190 of 217 results
CVE-2014-8158
Medium prioritySome fixes available 4 of 5
Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.
3 affected packages
ghostscript, jasper, netpbm-free
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ghostscript | — | — | — | — | — |
jasper | — | — | — | — | — |
netpbm-free | — | — | — | — | — |
CVE-2014-8157
Medium prioritySome fixes available 4 of 5
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a...
3 affected packages
ghostscript, jasper, netpbm-free
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ghostscript | — | — | — | — | — |
jasper | — | — | — | — | — |
netpbm-free | — | — | — | — | — |
CVE-2014-8138
Medium prioritySome fixes available 4 of 5
Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.
3 affected packages
ghostscript, jasper, netpbm-free
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ghostscript | — | — | — | — | — |
jasper | — | — | — | — | — |
netpbm-free | — | — | — | — | — |
CVE-2014-8137
Low prioritySome fixes available 4 of 5
Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a...
3 affected packages
ghostscript, jasper, netpbm-free
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ghostscript | — | — | — | — | — |
jasper | — | — | — | — | — |
netpbm-free | — | — | — | — | — |
CVE-2014-9029
Medium prioritySome fixes available 4 of 5
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which...
2 affected packages
ghostscript, jasper
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ghostscript | — | — | — | — | — |
jasper | — | — | — | — | — |
CVE-2010-4820
Medium priorityUntrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability...
4 affected packages
ghostscript, gs-afpl, gs-esp, gs-gpl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ghostscript | — | — | — | — | — |
gs-afpl | — | — | — | — | — |
gs-esp | — | — | — | — | — |
gs-gpl | — | — | — | — | — |
CVE-2013-0340
Medium priorityexpat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption),...
40 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | — | — | — | — | — |
apr-util | — | — | — | — | — |
audacity | — | — | — | — | — |
ayttm | — | — | — | — | — |
cableswig | — | — | — | — | — |
cadaver | — | — | — | — | — |
celementtree | — | — | — | — | — |
cmake | — | — | — | — | — |
coin3 | — | — | — | — | — |
expat | — | — | — | — | — |
gdcm | — | — | — | — | — |
ghostscript | — | — | — | — | — |
grmonitor | — | — | — | — | — |
insighttoolkit | — | — | — | — | — |
kompozer | — | — | — | — | — |
libparagui1.1 | — | — | — | — | — |
matanza | — | — | — | — | — |
paraview | — | — | — | — | — |
poco | — | — | — | — | — |
python-xml | — | — | — | — | — |
python2.4 | — | — | — | — | — |
python2.5 | — | — | — | — | — |
python2.6 | — | — | — | — | — |
simgear | — | — | — | — | — |
sitecopy | — | — | — | — | — |
smart | — | — | — | — | — |
swish-e | — | — | — | — | — |
tdom | — | — | — | — | — |
texlive-bin | — | — | — | — | — |
tla | — | — | — | — | — |
vnc4 | — | — | — | — | — |
vtk | — | — | — | — | — |
w3c-libwww | — | — | — | — | — |
wbxml2 | — | — | — | — | — |
wxwidgets2.6 | — | — | — | — | — |
wxwidgets2.8 | — | — | — | — | — |
wxwindows2.4 | — | — | — | — | — |
xmlrpc-c | — | — | — | — | — |
xotcl | — | — | — | — | — |
xulrunner | — | — | — | — | — |
CVE-2013-5653
Medium priorityThe getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.
1 affected packages
ghostscript
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ghostscript | — | — | — | — | Fixed |
CVE-2013-4276
Low priorityMultiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to...
3 affected packages
ghostscript, lcms, lcms2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ghostscript | — | — | — | Not affected | Not affected |
lcms | — | — | — | Not in release | Not in release |
lcms2 | — | — | — | Not affected | Not affected |
CVE-2013-4160
Medium priorityLittle CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves,...
3 affected packages
ghostscript, lcms, lcms2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ghostscript | — | — | — | — | — |
lcms | — | — | — | — | — |
lcms2 | — | — | — | — | — |