Search CVE reports


211 – 220 of 249 results


CVE-2015-1283

Medium priority

Some fixes available 42 of 255

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or...

33 affected packages

cmake, ghostscript, texlive-bin, libparagui1.1, ayttm...

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| cmake | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
| libparagui1.1 | Not in release | Not in release | Not in release | Not in release |
| ayttm | Not in release | Not in release | Not in release | Not in release |
| audacity | Not affected | Not affected | Not affected | Not affected |
| matanza | Ignored | Ignored | Ignored | Ignored |
| smart | Not in release | Not in release | Not in release | Not affected |
| vtk | Not in release | Not in release | Not in release | Not in release |
| expat | Not affected | Not affected | Not affected | Not affected |
| apache2 | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected |
| poco | Not affected | Not affected | Not affected | Not affected |
| sitecopy | Not in release | Not affected | Not affected | Not affected |
| swish-e | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| cadaver | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| cableswig | Not in release | Not in release | Not in release | Not in release |
| chromium-browser | Fixed | Fixed | Fixed | Fixed |
| coin3 | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| gdcm | Not affected | Not affected | Not affected | Not affected |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release |
| kompozer | Not in release | Not in release | Not in release | Not in release |
| oxide-qt | Not in release | Not in release | Not in release | Not in release |
| simgear | Not affected | Not affected | Not affected | Not affected |
| tdom | Not affected | Not affected | Not affected | Not affected |
| tla | Not affected | Not affected | Not affected | Not affected |
| vnc4 | Not in release | Not in release | Not in release | Vulnerable |
| wbxml2 | Not affected | Not affected | Not affected | Not affected |
| wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release |
| libxmltok | Fixed | Fixed | Fixed | Fixed |
| xmlrpc-c | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release |
| xotcl | Not affected | Not affected | Not affected | Not affected |

CVE-2014-8158

Medium priority

Some fixes available 4 of 5

Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.

3 affected packages

ghostscript, jasper, netpbm-free

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ghostscript
jasper
netpbm-free

CVE-2014-8157

Medium priority

Some fixes available 4 of 5

Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a...

3 affected packages

ghostscript, jasper, netpbm-free

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ghostscript
jasper
netpbm-free

CVE-2014-8138

Medium priority

Some fixes available 4 of 5

Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.

3 affected packages

ghostscript, jasper, netpbm-free

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ghostscript
jasper
netpbm-free

CVE-2014-8137

Low priority

Some fixes available 4 of 5

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a...

3 affected packages

ghostscript, jasper, netpbm-free

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ghostscript
jasper
netpbm-free

CVE-2014-9029

Medium priority

Some fixes available 4 of 5

Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which...

2 affected packages

ghostscript, jasper

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ghostscript
jasper

CVE-2010-4820

Medium priority
Ignored

Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability...

4 affected packages

ghostscript, gs-afpl, gs-esp, gs-gpl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ghostscript
gs-afpl
gs-esp
gs-gpl

CVE-2013-0340

Medium priority
Ignored

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption),...

40 affected packages

gdcm, apache2, apr-util, audacity, ayttm...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
gdcm
apache2
apr-util
audacity
ayttm
cableswig
cadaver
celementtree
cmake
coin3
expat
ghostscript
grmonitor
insighttoolkit
kompozer
libparagui1.1
matanza
paraview
poco
python-xml
python2.4
python2.5
python2.6
simgear
sitecopy
smart
swish-e
tdom
texlive-bin
tla
vnc4
vtk
w3c-libwww
wbxml2
wxwidgets2.6
wxwidgets2.8
wxwindows2.4
xmlrpc-c
xotcl
xulrunner

CVE-2013-5653

Medium priority
Fixed

The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.

1 affected package

ghostscript

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ghostscript

CVE-2013-4276

Low priority
Ignored

Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to...

3 affected packages

lcms, ghostscript, lcms2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
lcms Not in release
ghostscript Not affected
lcms2 Not affected