Search CVE reports
21 – 30 of 86 results
A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service.
7 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openjpeg2 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| openjpeg | Not in release | Not in release | Not in release | Not in release | — |
Some fixes available: 11 of 43
A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.
7 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Fixed |
| openjpeg | Not in release | Not in release | Not in release | Not in release | — |
| openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file.
7 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openjpeg2 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| openjpeg | Not in release | Not in release | Not in release | Not in release | — |
Some fixes available: 2 of 85
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
23 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| expat | Not affected | Not affected | Fixed | Ignored | Ignored |
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| vnc4 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Needs evaluation |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| ayttm | Not in release | Not in release | Not in release | Not in release | — |
| cableswig | Not in release | Not in release | Not in release | Not in release | — |
| coin3 | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | Not in release | — |
| smart | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| firefox | Not affected | Not affected | Not affected | Not in release | — |
| thunderbird | Not affected | Not affected | Not affected | Not in release | — |
| libxmltok | Not in release | Ignored | Ignored | Ignored | Ignored |
Some fixes available: 5 of 46
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
23 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| vtk | Not in release | Not in release | Not in release | Not in release | Not in release |
| expat | Fixed | Fixed | Not affected | Not affected | Not affected |
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | Needs evaluation | Needs evaluation | Not affected | Not affected | Not affected |
| vnc4 | Not in release | Not in release | Not in release | Not in release | Not affected |
| wbxml2 | Needs evaluation | Needs evaluation | Not affected | Not affected | Not affected |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release | Not in release |
| coin3 | Not affected | Not affected | Not affected | Not affected | Ignored |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| smart | Not in release | Not in release | Not in release | Not in release | Not affected |
| firefox | Not affected | Not affected | Not affected | Not in release | Ignored |
| thunderbird | Not affected | Not affected | Not affected | Not in release | Ignored |
| libxmltok | Not in release | Not affected | Not affected | Not affected | Not affected |
Some fixes available: 7 of 57
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
23 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| expat | Fixed | Fixed | Fixed | Ignored | Ignored |
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| vnc4 | Not in release | Not in release | Not in release | Not in release | Ignored |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release | Not in release |
| coin3 | Not affected | Not affected | Not affected | Not affected | Ignored |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| vtk | Not in release | Not in release | Not in release | Not in release | Not in release |
| smart | Not in release | Not in release | Not in release | Not in release | Not affected |
| firefox | Not affected | Not affected | Not affected | Not in release | Ignored |
| thunderbird | Not affected | Not affected | Not affected | Not in release | Ignored |
| libxmltok | Not in release | Ignored | Ignored | Ignored | Ignored |
Some fixes available: 13 of 80
In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
24 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| cableswig | — | — | Not in release | Not in release | Not in release |
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| expat | Fixed | Fixed | Fixed | Fixed | Fixed |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| vnc4 | — | — | Not in release | Not in release | Ignored |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| ayttm | — | — | Not in release | Not in release | Not in release |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| coin3 | Not affected | Not affected | Not affected | Not affected | Ignored |
| firefox | Not affected | Not affected | Not affected | Not in release | Ignored |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit | — | — | Not in release | Not in release | Not in release |
| insighttoolkit4 | Not in release | Not in release | Not affected | Not affected | Not affected |
| libxmltok | Not in release | Not affected | Not affected | Not affected | Not affected |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| smart | — | — | Not in release | Not in release | Not affected |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| thunderbird | Ignored | Ignored | Ignored | Not in release | Ignored |
| vtk | — | — | Not in release | Not in release | Not in release |
Some fixes available: 15 of 96
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
24 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | Fixed | Fixed |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| coin3 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| libxmltok | Not in release | Not affected | Not affected | Not affected | Not affected |
| matanza | Ignored | Ignored | Ignored | Ignored | Ignored |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| thunderbird | Ignored | Ignored | Ignored | Not in release | Ignored |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| insighttoolkit4 | Not in release | Not in release | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
| expat | Fixed | Fixed | Fixed | Fixed | Fixed |
| vnc4 | — | — | Not in release | Not in release | Ignored |
| apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
| ayttm | — | — | Not in release | Not in release | Not in release |
| cableswig | — | — | Not in release | Not in release | Not in release |
| smart | — | — | Not in release | Not in release | Ignored |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit | — | — | Not in release | Not in release | Not in release |
| texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
| vtk | — | — | Not in release | Not in release | Not in release |
Some fixes available: 4 of 41
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls...
7 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
| openjpeg2 | Not affected | Not affected | Fixed | Fixed | Fixed |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
Some fixes available: 9 of 57
A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled...
7 affected packages
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Ignored | Ignored |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |