Search CVE reports
11 – 19 of 19 results
An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.
4 affected packages
mapcache, netcdf, netcdf-parallel, scilab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mapcache | Ignored | Ignored | Ignored | Ignored |
| netcdf | Not affected | Ignored | Ignored | Not affected |
| netcdf-parallel | Not affected | Ignored | Ignored | Not in release |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature.
5 affected packages
mapcache, scilab, netcdf, navit, netcdf-parallel
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mapcache | Ignored | Ignored | Ignored | Ignored |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| netcdf | Not affected | Ignored | Ignored | Not affected |
| navit | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| netcdf-parallel | Not affected | Ignored | Ignored | Not in release |
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer.
4 affected packages
mapcache, netcdf, scilab, netcdf-parallel
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mapcache | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| netcdf | Not affected | Ignored | Ignored | Not affected |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| netcdf-parallel | Vulnerable | Vulnerable | Vulnerable | Not in release |
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.
5 affected packages
mapcache, scilab, navit, netcdf, netcdf-parallel
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mapcache | Ignored | Ignored | Ignored | Ignored |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| navit | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| netcdf | Not affected | Ignored | Ignored | Not affected |
| netcdf-parallel | Not affected | Ignored | Ignored | Not in release |
An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezxml_str2utf8, while parsing a crafted XML file, performs zero-length reallocation in ezxml.c, leading to returning a NULL pointer (in some compilers). After...
4 affected packages
mapcache, netcdf, netcdf-parallel, scilab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mapcache | Ignored | Ignored | Ignored | Ignored |
| netcdf | Not affected | Ignored | Ignored | Not affected |
| netcdf-parallel | Not affected | Ignored | Ignored | Not in release |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault.
4 affected packages
mapcache, netcdf-parallel, netcdf, scilab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mapcache | Ignored | Ignored | Ignored | Ignored |
| netcdf-parallel | Not affected | Ignored | Ignored | Not in release |
| netcdf | Not affected | Ignored | Ignored | Not affected |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a...
4 affected packages
mapcache, netcdf, netcdf-parallel, scilab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mapcache | Ignored | Ignored | Ignored | Ignored |
| netcdf | Not affected | Ignored | Ignored | Not affected |
| netcdf-parallel | Not affected | Ignored | Ignored | Not in release |
| scilab | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
The (1) scilab, (2) scilab-cli, and (3) scilab-adv-cli scripts in Scilab 5.2.2 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current...
1 affected package
scilab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| scilab | — | — | — | — |
scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/SciLink#####1, (b) /tmp/SciLink#####2, (c) /tmp/SciLink#####3, (d) /tmp/*.#####, (e) /tmp/*.#####.res, (f) /tmp/*.#####.err, and (g)...
1 affected package
scilab
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| scilab | — | — | — | — |