Search CVE reports
11 – 20 of 86 results
Some fixes available 4 of 35
openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c.
7 affected packages
insighttoolkit4, qtwebengine-opensource-src, blender, texmaker, ghostscript...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| openjpeg | Not in release | Not in release | Not in release | — | — |
| openjpeg2 | Not affected | Fixed | Fixed | Fixed | Fixed |
Some fixes available 3 of 30
OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.
7 affected packages
insighttoolkit4, qtwebengine-opensource-src, blender, texmaker, ghostscript...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| openjpeg | Not in release | Not in release | Not in release | — | — |
| openjpeg2 | Fixed | Not affected | Not affected | Not affected | Not affected |
Some fixes available 6 of 82
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to...
23 affected packages
cadaver, apache2, apr-util, cmake, ghostscript...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| vnc4 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| ayttm | Not in release | Not in release | Not in release | Not in release | — |
| cableswig | Not in release | Not in release | Not in release | Not in release | — |
| coin3 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| matanza | Ignored | Ignored | Ignored | Ignored | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | Not in release | — |
| smart | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| firefox | Not affected | Not affected | Not affected | Not in release | — |
| thunderbird | Not affected | Not affected | Not affected | Not in release | — |
| libxmltok | Not in release | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| expat | Fixed | Fixed | Fixed | Ignored | Ignored |
A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is...
5 affected packages
hdf5, insighttoolkit, insighttoolkit4, insighttoolkit5, paraview
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| hdf5 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release | — |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Needs evaluation |
| insighttoolkit5 | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | — |
| paraview | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
Some fixes available 11 of 37
A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.
7 affected packages
insighttoolkit4, qtwebengine-opensource-src, blender, texmaker, ghostscript...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Fixed |
| openjpeg | Not in release | Not in release | Not in release | Not in release | — |
| openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
Some fixes available 11 of 37
A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.
7 affected packages
insighttoolkit4, qtwebengine-opensource-src, texmaker, openjpeg2, blender...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Fixed |
| openjpeg | Not in release | Not in release | Not in release | Not in release | — |
Some fixes available 7 of 74
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
23 affected packages
smart, apache2, apr-util, cmake, ghostscript...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| smart | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| vnc4 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Needs evaluation |
| expat | Not affected | Fixed | Fixed | Fixed | Fixed |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| ayttm | Not in release | Not in release | Not in release | Not in release | — |
| cableswig | Not in release | Not in release | Not in release | Not in release | — |
| coin3 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | Not in release | — |
| firefox | Not affected | Not affected | Not affected | Not in release | — |
| thunderbird | Not affected | Not affected | Not affected | Not in release | — |
| libxmltok | Not in release | Not affected | Not affected | Not affected | Not affected |
Some fixes available 6 of 73
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
23 affected packages
tdom, apache2, apr-util, cmake, ghostscript...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| vnc4 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Needs evaluation |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| ayttm | Not in release | Not in release | Not in release | Not in release | — |
| cableswig | Not in release | Not in release | Not in release | Not in release | — |
| coin3 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| vtk | Not in release | Not in release | Not in release | Not in release | — |
| smart | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| firefox | Not affected | Not affected | Not affected | Not in release | — |
| thunderbird | Not affected | Not affected | Not affected | Not in release | — |
| libxmltok | Not in release | Not affected | Not affected | Not affected | Not affected |
| expat | Not affected | Fixed | Fixed | Fixed | Fixed |
Some fixes available 13 of 80
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
23 affected packages
apache2, apr-util, cmake, ghostscript, texlive-bin...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| vnc4 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Needs evaluation |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| ayttm | Not in release | Not in release | Not in release | Not in release | — |
| cableswig | Not in release | Not in release | Not in release | Not in release | — |
| coin3 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | Not in release | — |
| smart | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| firefox | Not affected | Not affected | Not affected | Not in release | — |
| thunderbird | Not affected | Not affected | Not affected | Not in release | — |
| libxmltok | Not in release | Fixed | Fixed | Fixed | Fixed |
| expat | Not affected | Fixed | Fixed | Fixed | Fixed |
Some fixes available 13 of 80
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
23 affected packages
expat, apache2, apr-util, cmake, ghostscript...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| expat | Not affected | Fixed | Fixed | Fixed | Fixed |
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| vnc4 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Needs evaluation |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| ayttm | Not in release | Not in release | Not in release | Not in release | — |
| cableswig | Not in release | Not in release | Not in release | Not in release | — |
| coin3 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | Not in release | — |
| smart | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| firefox | Not affected | Not affected | Not affected | Not in release | — |
| thunderbird | Not affected | Not affected | Not affected | Not in release | — |
| libxmltok | Not in release | Fixed | Fixed | Fixed | Fixed |