Search CVE reports
91 – 100 of 217 results
CVE-2020-15389
Low priorityjp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible....
3 affected packages
ghostscript, openjpeg, openjpeg2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ghostscript | — | Not affected | Not affected | Not affected | Not affected |
| openjpeg | — | Not in release | Not in release | Not in release | Not affected |
| openjpeg2 | — | Fixed | Fixed | Fixed | Fixed |
CVE-2015-8751
Medium priorityInteger overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation.
3 affected packages
ghostscript, jasper, netpbm-free
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ghostscript | — | — | — | — | — |
| jasper | — | — | — | — | — |
| netpbm-free | — | — | — | — | — |
CVE-2020-8112
Medium prioritySome fixes available 13 of 59
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
7 affected packages
blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Fixed | Fixed |
| insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not affected |
| openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-6851
Medium prioritySome fixes available 13 of 64
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
7 affected packages
blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Fixed | Fixed |
| insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not affected |
| openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2019-14869
High priorityA flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse...
1 affected packages
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ghostscript | — | — | — | Fixed | Fixed |
CVE-2005-2352
Unknown priorityNot in release
I race condition in Temp files was found in gs-gpl before 8.56 addons scripts.
1 affected packages
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ghostscript | — | — | — | — | — |
CVE-2018-21010
Medium prioritySome fixes available 1 of 55
OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
8 affected packages
blender, gdcm, ghostscript, insighttoolkit4, openjpeg...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Ignored |
| openjpeg2 | Not affected | Not affected | Not affected | Vulnerable | Fixed |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2019-15903
Medium prioritySome fixes available 48 of 168
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a...
32 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| audacity | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| cableswig | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| chromium-browser | Fixed | Fixed | Fixed | Fixed | Fixed |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| coin3 | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
| expat | Not affected | Not affected | Not affected | Fixed | Fixed |
| firefox | Fixed | Fixed | Fixed | Fixed | Fixed |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| insighttoolkit4 | Not in release | Not affected | Not affected | Not affected | Needs evaluation |
| kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
| libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
| libxmltok | Vulnerable | Fixed | Fixed | Fixed | Fixed |
| matanza | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| poco | Not affected | Not affected | Not affected | Not affected | Not affected |
| simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
| sitecopy | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| smart | Not in release | Not in release | Not in release | Not affected | Not affected |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Fixed | Fixed | Fixed | Fixed | Fixed |
| vnc4 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
| vtk | Not in release | Not in release | Not in release | Not in release | Fixed |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
| xmlrpc-c | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2019-14817
Medium priorityA flaw was found in, ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted...
1 affected packages
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ghostscript | — | — | — | Fixed | Fixed |
CVE-2019-14813
Medium priorityA flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript...
1 affected packages
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ghostscript | — | — | — | Fixed | Fixed |