Search CVE reports
71 – 80 of 106 results
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your...
2 affected packages
chromium-browser, qtwebengine-opensource-src
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | Not affected | Not affected | Not affected | Not in release | Not affected |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
Some fixes available 17 of 72
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
7 affected packages
blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Fixed |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 17 of 77
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
7 affected packages
blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Fixed |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 5 of 66
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param"...
17 affected packages
blender, chromium-browser, gdal, insighttoolkit4, ivtools...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| blender | Not affected | Not affected | Not affected | Not affected | Not affected |
| chromium-browser | Not affected | Not affected | Not affected | Not in release | Not affected |
| gdal | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Not in release | Not affected | Not affected | Not affected |
| ivtools | Not affected | Not affected | Not affected | Not affected | Not affected |
| libtk-img | Not affected | Not affected | Not affected | Not affected | Not affected |
| neuron | Not affected | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
| openjpeg2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| paraview | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
| povray | Not affected | Not affected | Not affected | Not affected | Not affected |
| qt4-x11 | Not in release | Not in release | Not in release | Not in release | Not affected |
| qtimageformats-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| sfftobmp | Not in release | Not affected | Not affected | Not affected | Not affected |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| tiff | Not affected | Not affected | Not affected | Not affected | Fixed |
| xloadimage | Not affected | Not affected | Not affected | Not affected | Not affected |
Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.
10 affected packages
calibre, chromium, enchant, firefox, focuswriter...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| calibre | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| chromium | Not in release | Not in release | Not in release | Not in release | Not in release |
| enchant | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| firefox | Not affected | Not affected | Not affected | Not in release | Not affected |
| focuswriter | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| hunspell | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
| postbooks | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| thunderbird | Not affected | Not affected | Not affected | Not in release | Not affected |
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.
3 affected packages
ffmpeg, gst-libav1.0, qtwebengine-opensource-src
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ffmpeg | Not affected | Not affected | Not affected | Not affected | Not affected |
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties...
4 affected packages
ffmpeg, gst-libav1.0, qtwebengine-opensource-src, vice
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ffmpeg | — | Not affected | Not affected | Not affected | Not affected |
| gst-libav1.0 | — | Not affected | Not affected | Not affected | Not affected |
| qtwebengine-opensource-src | — | Not affected | Not affected | Not affected | Not affected |
| vice | — | Not affected | Not affected | Not affected | Not affected |
In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf.
3 affected packages
ffmpeg, gst-libav1.0, qtwebengine-opensource-src
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ffmpeg | Not affected | Not affected | Not affected | Not affected | Not affected |
| gst-libav1.0 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 2 of 62
OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
8 affected packages
blender, gdcm, ghostscript, insighttoolkit4, openjpeg...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjpeg2 | Not affected | Not affected | Not affected | Not affected | Fixed |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
In CompilationJob::FinalizeJob of compiler.cc, there is a possible remote code execution due to type confusion. This could lead to escalation of privilege from a malicious proxy configuration with no additional...
2 affected packages
chromium-browser, qtwebengine-opensource-src
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | — | — | — | — | Not affected |
| qtwebengine-opensource-src | — | — | — | — | Not affected |