Search CVE reports
61 – 70 of 243 results
Some fixes available 30 of 127
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
24 affected packages
vnc4, vtk, xmlrpc-c, libxmltok, matanza...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | Not in release |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libxmltok | Fixed | Fixed | Fixed | Fixed |
| matanza | Ignored | Ignored | Ignored | Ignored |
| expat | Fixed | Fixed | Fixed | Fixed |
| apache2 | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release |
| insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release |
| coin3 | Not affected | Not affected | Not affected | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| smart | Not in release | Not in release | Not in release | Not affected |
| firefox | Fixed | Fixed | Fixed | Fixed |
| thunderbird | Not affected | Fixed | Fixed | Ignored |
Some fixes available 30 of 127
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
24 affected packages
coin3, vnc4, vtk, xmlrpc-c, libxmltok...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| coin3 | Not affected | Not affected | Not affected | Needs evaluation |
| vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | Not in release |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libxmltok | Fixed | Fixed | Fixed | Fixed |
| expat | Fixed | Fixed | Fixed | Fixed |
| apache2 | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release |
| insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release |
| matanza | Ignored | Ignored | Ignored | Ignored |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| smart | Not in release | Not in release | Not in release | Not affected |
| firefox | Fixed | Fixed | Fixed | Fixed |
| thunderbird | Not affected | Fixed | Fixed | Ignored |
Some fixes available 30 of 127
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
24 affected packages
xmlrpc-c, libxmltok, matanza, vtk, expat...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libxmltok | Fixed | Fixed | Fixed | Fixed |
| matanza | Ignored | Ignored | Ignored | Ignored |
| vtk | Not in release | Not in release | Not in release | Not in release |
| expat | Fixed | Fixed | Fixed | Fixed |
| apache2 | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
| vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release |
| insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release |
| coin3 | Not affected | Not affected | Not affected | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| smart | Not in release | Not in release | Not in release | Not affected |
| firefox | Fixed | Fixed | Fixed | Fixed |
| thunderbird | Not affected | Fixed | Fixed | Ignored |
Some fixes available 30 of 127
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
24 affected packages
coin3, vtk, libxmltok, matanza, expat...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| coin3 | Not affected | Not affected | Not affected | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | Not in release |
| libxmltok | Fixed | Fixed | Fixed | Fixed |
| matanza | Ignored | Ignored | Ignored | Ignored |
| expat | Fixed | Fixed | Fixed | Fixed |
| apache2 | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release |
| insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| smart | Not in release | Not in release | Not in release | Not affected |
| firefox | Fixed | Fixed | Fixed | Fixed |
| thunderbird | Not affected | Fixed | Fixed | Ignored |
Some fixes available 1 of 2
A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device...
1 affected package
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | — | Fixed | Not affected | Not affected |
A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The...
1 affected package
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | — | Not affected | Not affected | Not affected |
Some fixes available 4 of 46
A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls...
7 affected packages
openjpeg2, insighttoolkit4, qtwebengine-opensource-src, blender, texmaker...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openjpeg2 | Not affected | Fixed | Fixed | Fixed |
| insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected |
| openjpeg | Not in release | Not in release | Not in release | Not in release |
Some fixes available 28 of 310
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
50 affected packages
coin3, poco, vnc4, vtk, xmlrpc-c...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| coin3 | Not affected | Not affected | Not affected | Needs evaluation |
| poco | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | Not in release |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libxmltok | Fixed | Fixed | Fixed | Fixed |
| audacity | Not affected | Not affected | Not affected | Not affected |
| expat | Fixed | Fixed | Fixed | Fixed |
| apache2 | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release |
| insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release |
| matanza | Ignored | Ignored | Ignored | Ignored |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| smart | Not in release | Not in release | Not in release | Not affected |
| firefox | Fixed | Fixed | Fixed | Fixed |
| thunderbird | Not affected | Not affected | Not in release | Ignored |
| python2.7 | Not in release | Not affected | Not affected | Not affected |
| python3.4 | Not in release | Not in release | Not in release | Not in release |
| python3.5 | Not in release | Not in release | Not in release | Not in release |
| python3.6 | Not in release | Not in release | Not in release | Not affected |
| python3.7 | Not in release | Not in release | Not in release | Not affected |
| python3.8 | Not in release | Not in release | Not affected | Not affected |
| python3.9 | Not in release | Not in release | Not affected | Not in release |
| python3.10 | Not in release | Not affected | Not in release | Not in release |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| visp | Needs evaluation | Needs evaluation | — | Needs evaluation |
| astropy | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| emboss | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| paraview | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ibm-3270 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| coda | Needs evaluation | Needs evaluation | Needs evaluation | — |
| mame | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| opencollada | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| harp | Needs evaluation | Needs evaluation | Needs evaluation | — |
| tla | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libsynthesis | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| xsd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| sitecopy | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit5 | Needs evaluation | Needs evaluation | — | — |
| xmlrpc | — | — | — | — |
Some fixes available 22 of 114
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
24 affected packages
coin3, vtk, xmlrpc-c, matanza, expat...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| coin3 | Not affected | Not affected | Not affected | Needs evaluation |
| vtk | Not in release | Not in release | Not in release | Not in release |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| matanza | Ignored | Ignored | Ignored | Ignored |
| expat | Fixed | Fixed | Fixed | Fixed |
| apache2 | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
| vnc4 | Not in release | Not in release | Not in release | Needs evaluation |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit | Not in release | Not in release | Not in release | Not in release |
| insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Not affected |
| ayttm | Not in release | Not in release | Not in release | Not in release |
| cableswig | Not in release | Not in release | Not in release | Not in release |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| smart | Not in release | Not in release | Not in release | Not affected |
| firefox | Fixed | Fixed | Fixed | Fixed |
| thunderbird | Not affected | Not affected | Not in release | Ignored |
| libxmltok | Not affected | Not affected | Not affected | Not affected |
Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp).
1 affected package
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | — | Not affected | Fixed | Fixed |