Search CVE reports
191 – 200 of 217 results
CVE-2012-6702
Medium prioritySome fixes available 5 of 100
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
32 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
audacity | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release | Not affected |
cableswig | Not in release | Not in release | Not in release | Not in release | Not affected |
cadaver | Not affected | Not affected | Not affected | Not affected | Not affected |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Not affected | Not affected |
expat | Not affected | Not affected | Not affected | Not affected | Fixed |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release | Vulnerable |
kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
libxmltok | Not affected | Not affected | Not affected | Not affected | Not affected |
matanza | Not affected | Not affected | Not affected | Not affected | Not affected |
paraview | Not affected | Not affected | Not affected | Not affected | Not affected |
poco | Not affected | Not affected | Not affected | Not affected | Not affected |
simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Not affected | Not affected | Not affected | Not affected |
smart | Not in release | Not in release | Not in release | Not affected | Not affected |
swish-e | Not affected | Not affected | Not affected | Not affected | Not affected |
tdom | Not affected | Not affected | Not affected | Not affected | Not affected |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
tla | Not affected | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Ignored | Ignored |
vtk | Not in release | Not in release | Not in release | Not in release | Not affected |
wbxml2 | Not affected | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
xotcl | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2012-4405
Medium prioritySome fixes available 2 of 6
Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial...
5 affected packages
argyll, ghostscript, gs-afpl, gs-esp, gs-gpl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
argyll | — | — | — | — | Not affected |
ghostscript | — | — | — | — | Not affected |
gs-afpl | — | — | — | — | Not in release |
gs-esp | — | — | — | — | Not in release |
gs-gpl | — | — | — | — | Not in release |
CVE-2012-1147
Low priorityreadfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
40 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | — | — | — | Ignored | Ignored |
apr-util | — | — | — | Ignored | Ignored |
audacity | — | — | — | Not affected | Not affected |
ayttm | — | — | — | Not in release | Not affected |
cableswig | — | — | — | Not in release | Not affected |
cadaver | — | — | — | Not affected | Not affected |
celementtree | — | — | — | Not in release | Not in release |
cmake | — | — | — | Ignored | Ignored |
coin3 | — | — | — | Not affected | Not affected |
expat | — | — | — | Not affected | Not affected |
gdcm | — | — | — | Not affected | Not affected |
ghostscript | — | — | — | Ignored | Ignored |
grmonitor | — | — | — | Not in release | Not in release |
insighttoolkit | — | — | — | Not in release | Not affected |
kompozer | — | — | — | Not in release | Not in release |
libparagui1.1 | — | — | — | Not in release | Not in release |
matanza | — | — | — | Not affected | Not affected |
paraview | — | — | — | Not affected | Not affected |
poco | — | — | — | Not affected | Not affected |
python-xml | — | — | — | Not in release | Not in release |
python2.4 | — | — | — | Not in release | Not in release |
python2.5 | — | — | — | Not in release | Not in release |
python2.6 | — | — | — | Not in release | Not in release |
simgear | — | — | — | Not affected | Not affected |
sitecopy | — | — | — | Not affected | Not affected |
smart | — | — | — | Ignored | Ignored |
swish-e | — | — | — | Not affected | Not affected |
tdom | — | — | — | Not affected | Not affected |
texlive-bin | — | — | — | Ignored | Ignored |
tla | — | — | — | Not affected | Not affected |
vnc4 | — | — | — | Ignored | Ignored |
vtk | — | — | — | Not in release | Not affected |
w3c-libwww | — | — | — | Not in release | Not in release |
wbxml2 | — | — | — | Not affected | Not affected |
wxwidgets2.6 | — | — | — | Not in release | Not in release |
wxwidgets2.8 | — | — | — | Not in release | Not in release |
wxwindows2.4 | — | — | — | Not in release | Not in release |
xmlrpc-c | — | — | — | Ignored | Ignored |
xotcl | — | — | — | Not affected | Not affected |
xulrunner | — | — | — | Not in release | Not in release |
CVE-2012-1148
Low prioritySome fixes available 39 of 391
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause...
41 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
audacity | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release | Vulnerable |
cableswig | Not in release | Not in release | Not in release | Not in release | Vulnerable |
cadaver | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
celementtree | Not in release | Not in release | Not in release | Not in release | Not in release |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
expat | Not affected | Not affected | Not affected | Not affected | Not affected |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
grmonitor | Not in release | Not in release | Not in release | Not in release | Not in release |
insighttoolkit | Not in release | Not in release | Not in release | Not in release | Vulnerable |
kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
libxmltok | Vulnerable | Fixed | Fixed | Fixed | Fixed |
matanza | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
paraview | Not affected | Not affected | Not affected | Not affected | Not affected |
poco | Not affected | Not affected | Not affected | Not affected | Not affected |
python-xml | Not in release | Not in release | Not in release | Not in release | Not in release |
python2.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python2.5 | Not in release | Not in release | Not in release | Not in release | Not in release |
python2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Not affected | Not affected | Not affected | Not affected |
smart | Not in release | Not in release | Not in release | Not affected | Not affected |
swish-e | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
tdom | Not affected | Not affected | Not affected | Not affected | Not affected |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
tla | Not affected | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Ignored | Ignored |
vtk | Not in release | Not in release | Not in release | Not in release | Not affected |
w3c-libwww | Not in release | Not in release | Not in release | Not in release | Not in release |
wbxml2 | Not affected | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwindows2.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Fixed | Fixed | Fixed | Fixed | Fixed |
xotcl | Not affected | Not affected | Not affected | Not affected | Not affected |
xulrunner | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2012-0876
Medium prioritySome fixes available 35 of 382
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption)...
41 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
audacity | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release | Vulnerable |
cableswig | Not in release | Not in release | Not in release | Not in release | Vulnerable |
cadaver | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
celementtree | Not in release | Not in release | Not in release | Not in release | Not in release |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
expat | Not affected | Not affected | Not affected | Not affected | Not affected |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
grmonitor | Not in release | Not in release | Not in release | Not in release | Not in release |
insighttoolkit | Not in release | Not in release | Not in release | Not in release | Vulnerable |
kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
libxmltok | Not affected | Not affected | Not affected | Not affected | Not affected |
matanza | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
paraview | Not affected | Not affected | Not affected | Not affected | Not affected |
poco | Not affected | Not affected | Not affected | Not affected | Not affected |
python-xml | Not in release | Not in release | Not in release | Not in release | Not in release |
python2.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python2.5 | Not in release | Not in release | Not in release | Not in release | Not in release |
python2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Not affected | Not affected | Not affected | Not affected |
smart | Not in release | Not in release | Not in release | Not affected | Not affected |
swish-e | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
tdom | Not affected | Not affected | Not affected | Not affected | Not affected |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
tla | Not affected | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Ignored | Ignored |
vtk | Not in release | Not in release | Not in release | Not in release | Not affected |
w3c-libwww | Not in release | Not in release | Not in release | Not in release | Not in release |
wbxml2 | Not affected | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwindows2.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Fixed | Fixed | Fixed | Fixed | Fixed |
xotcl | Not affected | Not affected | Not affected | Not affected | Not affected |
xulrunner | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2011-4517
Medium prioritySome fixes available 7 of 8
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary...
3 affected packages
ghostscript, jasper, netpbm-free
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ghostscript | — | — | — | — | — |
jasper | — | — | — | — | — |
netpbm-free | — | — | — | — | — |
CVE-2011-4516
Medium prioritySome fixes available 7 of 8
Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls...
3 affected packages
ghostscript, jasper, netpbm-free
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ghostscript | — | — | — | — | — |
jasper | — | — | — | — | — |
netpbm-free | — | — | — | — | — |
CVE-2010-4054
Low prioritySome fixes available 1 of 6
The gs_type2_interpret function in Ghostscript allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) via crafted font data in a compressed data stream, aka bug 691043.
4 affected packages
ghostscript, gs-afpl, gs-esp, gs-gpl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ghostscript | — | — | — | — | — |
gs-afpl | — | — | — | — | — |
gs-esp | — | — | — | — | — |
gs-gpl | — | — | — | — | — |
CVE-2009-3743
Low prioritySome fixes available 1 of 6
Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed...
4 affected packages
ghostscript, gs-afpl, gs-esp, gs-gpl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ghostscript | — | — | — | — | — |
gs-afpl | — | — | — | — | — |
gs-esp | — | — | — | — | — |
gs-gpl | — | — | — | — | — |
CVE-2010-2055
Medium priorityGhostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option...
4 affected packages
ghostscript, gs-afpl, gs-esp, gs-gpl
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ghostscript | — | — | — | — | — |
gs-afpl | — | — | — | — | — |
gs-esp | — | — | — | — | — |
gs-gpl | — | — | — | — | — |