Search CVE reports

Toggle filters

71 – 80 of 257 results

CVE-2019-25059

Medium priority
Fixed

Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839.

1 affected package

ghostscript

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ghostscript Not affected Not affected Fixed
Show less packages

CVE-2022-1350

Low priority
Not affected

A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The...

1 affected package

ghostscript

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ghostscript Not affected Not affected Not affected
Show less packages

CVE-2022-1122

Low priority

Some fixes available 4 of 41

A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls...

7 affected packages

insighttoolkit4, openjpeg2, ghostscript, blender, openjpeg...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
insighttoolkit4 Not in release Not in release Needs evaluation Ignored Ignored
openjpeg2 Not affected Not affected Fixed Fixed Fixed
ghostscript Not affected Not affected Not affected Not affected Not affected
blender Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
openjpeg Not in release Not in release Not in release Not in release Not in release
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
texmaker Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show all 7 packages Show less packages

CVE-2021-3575

Low priority

Some fixes available 9 of 57

A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled...

7 affected packages

openjpeg2, blender, ghostscript, insighttoolkit4, openjpeg...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openjpeg2 Fixed Fixed Fixed Fixed Fixed
blender Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Not in release Needs evaluation Ignored Ignored
openjpeg Not in release Not in release Not in release Not in release Not in release
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
texmaker Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show all 7 packages Show less packages

CVE-2022-25315

Medium priority

Some fixes available 23 of 97

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

24 affected packages

cadaver, apache2, apr-util, ayttm, cableswig...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
cadaver Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release Not in release
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Not affected Ignored
expat Fixed Fixed Fixed Fixed Fixed
firefox Fixed Fixed Fixed Not in release Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not in release
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored Ignored
swish-e Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
tdom Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
libxmltok Not in release Not affected Not affected Not affected Not affected
smart Not in release Not in release Not in release Not in release Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Ignored Ignored Ignored Not in release Ignored
wbxml2 Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
vnc4 Not in release Not in release Not in release Not in release Ignored
vtk Not in release Not in release Not in release Not in release Not in release
Show all 24 packages Show less packages

CVE-2022-25314

Medium priority

Some fixes available 21 of 95

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

24 affected packages

thunderbird, ayttm, cableswig, cadaver, apache2...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
thunderbird Ignored Ignored Ignored Not in release Ignored
ayttm Not in release Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Not affected Ignored
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
firefox Fixed Fixed Fixed Not in release Ignored
expat Fixed Fixed Fixed Fixed Fixed
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not in release
libxmltok Not in release Not affected Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored Ignored
swish-e Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
tdom Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
smart Not in release Not in release Not in release Not in release Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Not in release Ignored
vtk Not in release Not in release Not in release Not in release Not in release
wbxml2 Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
Show all 24 packages Show less packages

CVE-2022-25313

Medium priority

Some fixes available 23 of 97

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

24 affected packages

ayttm, apache2, apr-util, cmake, cadaver...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ayttm Not in release Not in release Not in release Not in release Not in release
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
cadaver Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
matanza Ignored Ignored Ignored Ignored Ignored
swish-e Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
tdom Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
thunderbird Ignored Ignored Ignored Not in release Ignored
wbxml2 Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
firefox Fixed Fixed Fixed Not in release Ignored
cableswig Not in release Not in release Not in release Not in release Not in release
coin3 Not affected Not affected Not affected Not affected Ignored
expat Fixed Fixed Fixed Fixed Fixed
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not in release
libxmltok Not in release Not affected Not affected Not affected Not affected
smart Not in release Not in release Not in release Not in release Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
vnc4 Not in release Not in release Not in release Not in release Ignored
vtk Not in release Not in release Not in release Not in release Not in release
Show all 24 packages Show less packages

CVE-2022-25236

High priority

Some fixes available 30 of 112

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

24 affected packages

apache2, apr-util, cmake, expat, ghostscript...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
expat Fixed Fixed Fixed Fixed Fixed
ghostscript Not affected Not affected Not affected Not affected Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Not in release
matanza Ignored Ignored Ignored Ignored Ignored
insighttoolkit Not in release Not in release Not in release Not in release Not in release
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
libxmltok Not in release Fixed Fixed Fixed Fixed
xmlrpc-c Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
vnc4 Not in release Not in release Not in release Not in release Ignored
wbxml2 Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
cableswig Not in release Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
coin3 Not affected Not affected Not affected Not affected Ignored
firefox Fixed Fixed Fixed Not in release Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
tdom Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
smart Not in release Not in release Not in release Not in release Not affected
thunderbird Ignored Ignored Ignored Not in release Ignored
vtk Not in release Not in release Not in release Not in release Not in release
Show all 24 packages Show less packages

CVE-2022-25235

High priority

Some fixes available 30 of 112

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

24 affected packages

firefox, smart, vtk, thunderbird, apache2...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
firefox Fixed Fixed Fixed Not in release Ignored
smart Not in release Not in release Not in release Not in release Not affected
vtk Not in release Not in release Not in release Not in release Not in release
thunderbird Ignored Ignored Ignored Not in release Ignored
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
expat Fixed Fixed Fixed Fixed Fixed
xmlrpc-c Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
swish-e Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
vnc4 Not in release Not in release Not in release Not in release Ignored
wbxml2 Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
libxmltok Not in release Fixed Fixed Fixed Fixed
tdom Needs evaluation Needs evaluation Needs evaluation Ignored Ignored
coin3 Not affected Not affected Not affected Not affected Ignored
matanza Ignored Ignored Ignored Ignored Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not in release
texlive-bin Not affected Not affected Not affected Not affected Not affected
Show all 24 packages Show less packages

CVE-2022-23990

Medium priority

Some fixes available 23 of 102

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

24 affected packages

apache2, apr-util, insighttoolkit, swish-e, tdom...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Not in release
swish-e Needs evaluation Needs evaluation Needs evaluation Not affected Not affected
tdom Needs evaluation Needs evaluation Needs evaluation Vulnerable Vulnerable
vtk Not in release Not in release Not in release Not in release Not in release
expat Fixed Fixed Fixed Fixed Fixed
wbxml2 Needs evaluation Needs evaluation Needs evaluation Vulnerable Vulnerable
ayttm Not in release Not in release Not in release Not in release Not in release
cableswig Not in release Not in release Not in release Not in release Not in release
cadaver Needs evaluation Needs evaluation Needs evaluation Not affected Not affected
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Not affected Vulnerable
firefox Fixed Fixed Fixed Not in release Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Not in release Not affected Not affected Not affected
matanza Ignored Ignored Ignored Ignored Ignored
libxmltok Not in release Not affected Not affected Not affected Not affected
smart Not in release Not in release Not in release Not in release Not affected
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Ignored Ignored Ignored Not in release Ignored
vnc4 Not in release Not in release Not in release Not in release Not affected
xmlrpc-c Needs evaluation Needs evaluation Needs evaluation Not affected Not affected
Show all 24 packages Show less packages
  1. Previous page
  2. 6
  3. 7
  4. 8
  5. 9
  6. 10
  7. Next page
Export to JSON