Search CVE reports
241 – 250 of 497 results
Some fixes available 6 of 164
stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.
13 affected packages
catimg, ccextractor, goxel, libsfml, libsixel...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| catimg | Needs evaluation | Needs evaluation | Ignored | Ignored |
| ccextractor | Needs evaluation | Needs evaluation | Ignored | Not in release |
| goxel | Needs evaluation | Needs evaluation | Ignored | Ignored |
| libsfml | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| libsixel | Needs evaluation | Needs evaluation | Ignored | Ignored |
| love | Needs evaluation | Needs evaluation | Ignored | Ignored |
| mame | Fixed | Fixed | Fixed | Fixed |
| renderdoc | Not in release | Needs evaluation | Ignored | Not in release |
| retroarch | Needs evaluation | Needs evaluation | Ignored | Ignored |
| flif | Not in release | Not in release | Not in release | Not in release |
| tweeny | Needs evaluation | Needs evaluation | Ignored | Not in release |
| zam-plugins | Needs evaluation | Needs evaluation | Ignored | Ignored |
| zynaddsubfx | Needs evaluation | Needs evaluation | Ignored | Ignored |
Some fixes available 2 of 4
GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c.
1 affected package
libextractor
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libextractor | Not affected | Not affected | Not affected | Vulnerable |
XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453.
4 affected packages
poppler, ipe, libextractor, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| poppler | Not affected | Not affected | Not affected | Not affected |
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libextractor | Not affected | Not affected | Not affected | Not affected |
| xpdf | Vulnerable | Vulnerable | Not in release | Vulnerable |
SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
4 affected packages
ipe, libextractor, poppler, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libextractor | Not affected | Not affected | Not affected | Not affected |
| poppler | Not affected | Not affected | Not affected | Not affected |
| xpdf | Vulnerable | Vulnerable | Not in release | Vulnerable |
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template...
1 affected package
ocsinventory-server
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ocsinventory-server | — | — | — | Not affected |
OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service.
1 affected package
ocsinventory-server
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ocsinventory-server | Not affected | Not affected | Not affected | Vulnerable |
OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the...
1 affected package
ocsinventory-server
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ocsinventory-server | Not affected | Not affected | Not affected | Vulnerable |
OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues.
1 affected package
ocsinventory-server
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ocsinventory-server | Not affected | Not affected | Not affected | Vulnerable |
Some fixes available 2 of 5
GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).
1 affected package
libextractor
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libextractor | Not affected | Not affected | Not affected | Vulnerable |
Some fixes available 2 of 5
GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).
1 affected package
libextractor
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libextractor | Not affected | Not affected | Not affected | Vulnerable |