Search CVE reports
11 – 20 of 224 results
CVE-2023-39329
Medium priorityA flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service.
7 affected packages
blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
| insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| openjpeg | Not in release | Not in release | Not in release | — | Needs evaluation |
| openjpeg2 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-39327
Medium prioritySome fixes available 6 of 35
A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.
7 affected packages
blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
| insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| openjpeg | Not in release | Not in release | Not in release | — | Needs evaluation |
| openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-39328
Medium priorityA vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file.
7 affected packages
blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
| insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| openjpeg | Not in release | Not in release | Not in release | — | Needs evaluation |
| openjpeg2 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2024-29511
Medium prioritySome fixes available 2 of 3
Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation...
1 affected packages
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ghostscript | Fixed | Fixed | Not affected | Not affected | Not affected |
CVE-2024-29507
Medium prioritySome fixes available 1 of 2
Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.
1 affected packages
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ghostscript | Fixed | Not affected | Not affected | Not affected | Not affected |
CVE-2024-29509
Medium prioritySome fixes available 2 of 3
Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle.
1 affected packages
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ghostscript | Fixed | Fixed | Not affected | Not affected | Not affected |
CVE-2024-29508
Medium prioritySome fixes available 4 of 7
Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.
1 affected packages
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ghostscript | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2024-29506
Medium prioritySome fixes available 2 of 3
Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name.
1 affected packages
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ghostscript | Fixed | Fixed | Not affected | Not affected | Not affected |
CVE-2024-33871
Medium prioritySome fixes available 5 of 7
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver...
1 affected packages
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ghostscript | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2024-33870
Medium prioritySome fixes available 5 of 7
An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a...
1 affected packages
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ghostscript | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |