Search CVE reports
21 – 30 of 45 results
An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS).
6 affected packages
hdf5, insighttoolkit4, kissplice, paraview, vtk, xdmf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
hdf5 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
kissplice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
paraview | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
vtk | — | — | — | — |
xdmf | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry.
6 affected packages
hdf5, insighttoolkit4, kissplice, paraview, vtk, xdmf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
hdf5 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
kissplice | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
paraview | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
vtk | — | — | — | — |
xdmf | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 32 of 135
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
24 affected packages
expat, apache2, apr-util, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
expat | Fixed | Fixed | Fixed | Fixed |
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release |
cableswig | Not in release | Not in release | Not in release | Not in release |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation |
firefox | Fixed | Fixed | Fixed | Fixed |
gdcm | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release |
libxmltok | Fixed | Fixed | Fixed | Fixed |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
matanza | Ignored | Ignored | Ignored | Ignored |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
smart | Not in release | Not in release | Not in release | Not affected |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
thunderbird | Not affected | Fixed | Fixed | Ignored |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
vtk | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 32 of 135
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
24 affected packages
cmake, expat, vtk, apache2, apr-util...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
cmake | Not affected | Not affected | Not affected | Not affected |
expat | Fixed | Fixed | Fixed | Fixed |
vtk | Not in release | Not in release | Not in release | Not in release |
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release |
cableswig | Not in release | Not in release | Not in release | Not in release |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
coin3 | Not affected | Not affected | Not affected | Needs evaluation |
firefox | Fixed | Fixed | Fixed | Fixed |
gdcm | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
libxmltok | Fixed | Fixed | Fixed | Fixed |
matanza | Ignored | Ignored | Ignored | Ignored |
smart | Not in release | Not in release | Not in release | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Fixed | Fixed | Ignored |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 32 of 135
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
24 affected packages
coin3, apache2, apr-util, ayttm, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
coin3 | Not affected | Not affected | Not affected | Needs evaluation |
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cableswig | Not in release | Not in release | Not in release | Not in release |
cmake | Not affected | Not affected | Not affected | Not affected |
expat | Fixed | Fixed | Fixed | Fixed |
firefox | Fixed | Fixed | Fixed | Fixed |
gdcm | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
libxmltok | Fixed | Fixed | Fixed | Fixed |
matanza | Ignored | Ignored | Ignored | Ignored |
smart | Not in release | Not in release | Not in release | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Fixed | Fixed | Ignored |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
vtk | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 32 of 135
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
24 affected packages
expat, ayttm, apache2, apr-util, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
expat | Fixed | Fixed | Fixed | Fixed |
ayttm | Not in release | Not in release | Not in release | Not in release |
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
cableswig | Not in release | Not in release | Not in release | Not in release |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation |
firefox | Fixed | Fixed | Fixed | Fixed |
gdcm | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
libxmltok | Fixed | Fixed | Fixed | Fixed |
matanza | Ignored | Ignored | Ignored | Ignored |
smart | Not in release | Not in release | Not in release | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Fixed | Fixed | Ignored |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
vtk | Not in release | Not in release | Not in release | Not in release |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 32 of 135
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
24 affected packages
apr-util, ayttm, cadaver, apache2, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apr-util | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
apache2 | Not affected | Not affected | Not affected | Not affected |
cableswig | Not in release | Not in release | Not in release | Not in release |
cmake | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed |
firefox | Fixed | Fixed | Fixed | Fixed |
gdcm | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release |
libxmltok | Fixed | Fixed | Fixed | Fixed |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
matanza | Ignored | Ignored | Ignored | Ignored |
smart | Not in release | Not in release | Not in release | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Fixed | Fixed | Ignored |
vtk | Not in release | Not in release | Not in release | Not in release |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 32 of 135
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
24 affected packages
cadaver, insighttoolkit4, matanza, swish-e, tdom...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
matanza | Ignored | Ignored | Ignored | Ignored |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release |
cableswig | Not in release | Not in release | Not in release | Not in release |
cmake | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed |
firefox | Fixed | Fixed | Fixed | Fixed |
gdcm | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release |
libxmltok | Fixed | Fixed | Fixed | Fixed |
smart | Not in release | Not in release | Not in release | Not affected |
thunderbird | Not affected | Fixed | Fixed | Ignored |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
vtk | Not in release | Not in release | Not in release | Not in release |
Some fixes available 30 of 333
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
50 affected packages
apr-util, audacity, ayttm, cableswig, cadaver...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
apr-util | Not affected | Not affected | Not affected | Not affected |
audacity | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release |
cableswig | Not in release | Not in release | Not in release | Not in release |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected |
coda | Needs evaluation | Needs evaluation | Needs evaluation | — |
coin3 | Not affected | Not affected | Not affected | Needs evaluation |
emboss | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed |
firefox | Fixed | Fixed | Fixed | Fixed |
gdcm | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
libxmltok | Fixed | Fixed | Fixed | Fixed |
harp | Needs evaluation | Needs evaluation | Needs evaluation | — |
ibm-3270 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
insighttoolkit | Not in release | Not in release | Not in release | Not in release |
insighttoolkit5 | Needs evaluation | Needs evaluation | — | — |
libsynthesis | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
mame | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
matanza | Ignored | Ignored | Ignored | Ignored |
opencollada | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
paraview | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
poco | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
python2.7 | Not in release | Not affected | Not affected | Not affected |
python3.10 | Not in release | Not affected | Not in release | Not in release |
python3.4 | Not in release | Not in release | Not in release | Not in release |
python3.5 | Not in release | Not in release | Not in release | Not in release |
python3.6 | Not in release | Not in release | Not in release | Not affected |
python3.7 | Not in release | Not in release | Not in release | Not affected |
python3.8 | Not in release | Not in release | Not affected | Not affected |
python3.9 | Not in release | Not in release | Not affected | Not in release |
thunderbird | Not affected | Not affected | Not in release | Ignored |
qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
sitecopy | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
smart | Not in release | Not in release | Not in release | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
tla | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
visp | Needs evaluation | Needs evaluation | — | Needs evaluation |
vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
vtk | Not in release | Not in release | Not in release | Not in release |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc | — | — | — | — |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xsd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
apache2 | Not affected | Not affected | Not affected | Not affected |
astropy | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 24 of 122
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
24 affected packages
vnc4, apache2, apr-util, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release |
cableswig | Not in release | Not in release | Not in release | Not in release |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cmake | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Needs evaluation |
expat | Fixed | Fixed | Fixed | Fixed |
firefox | Fixed | Fixed | Fixed | Fixed |
gdcm | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release |
matanza | Ignored | Ignored | Ignored | Ignored |
smart | Not in release | Not in release | Not in release | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
thunderbird | Not affected | Not affected | Not in release | Ignored |
vtk | Not in release | Not in release | Not in release | Not in release |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Not affected | Not affected | Not affected | Not affected |