Search CVE reports

121 – 130 of 185 results

Detailed view

Sort by:

CVE-2021-45960

Low priority

Some fixes available 20 of 106

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Needs evaluation
cableswig	Not in release	Not in release	Not in release	Not in release	Needs evaluation
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Needs evaluation	Needs evaluation
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Fixed	Fixed	Fixed	Fixed	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Needs evaluation
insighttoolkit4	Not in release	Not affected	Not affected	Not affected	Needs evaluation
libxmltok	Not affected	Not affected	Not affected	Not affected	Not affected
matanza	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
smart	Not in release	Not in release	Not in release	Not affected	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Not affected	Not affected	Not affected	Ignored	Ignored
vnc4	Not in release	Not in release	Not in release	Needs evaluation	Needs evaluation
vtk	Not in release	Not in release	Not in release	Not in release	Needs evaluation
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2021-43519

Low priority

Needs evaluation

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.

45 affected packages

ardour, bam, blobby, ceph, darktable...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ardour	Not affected	Not affected	Not affected	Not affected	Not affected
bam	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
blobby	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ceph	Not affected	Not affected	Not affected	Not affected	Not affected
darktable	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
eja	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Ignored
emscripten	Needs evaluation	Needs evaluation	—	Needs evaluation	Needs evaluation
enigma	Not affected	Not affected	Not affected	Not affected	Not affected
freeciv	Not affected	Not affected	Not affected	Not affected	Not affected
freedroidrpg	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
fs-uae	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
golly	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
goxel	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Ignored
grub2	Not affected	Not affected	Not affected	Not affected	Not affected
gtk2-engines	Not affected	Not affected	Not affected	Not affected	Not affected
haskell-hslua	Not affected	Not affected	Not affected	Not affected	Not affected
hedgewars	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.1	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.2	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.3	Not affected	Not affected	Not affected	Not affected	Not affected
lua5.4	Not affected	Not affected	Not in release	Not in release	Not in release
lua50	Not in release	Not in release	Not affected	Not affected	Not affected
luajit	Not affected	Not affected	Not affected	Not affected	Not affected
mame	Not affected	Not affected	Not affected	Not affected	Not affected
naev	Needs evaluation	Needs evaluation	Needs evaluation	—	Ignored
openscenegraph	Not affected	Not affected	Not affected	Not affected	Not affected
redis	Not affected	Not affected	Not affected	Not affected	Not affected
rust-lua52-sys	Needs evaluation	Needs evaluation	Needs evaluation	—	Ignored
scite	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
scorched3d	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
scummvm	Not affected	Not affected	Not affected	Not affected	Not affected
spring	Not affected	Not affected	Not affected	Not affected	Not affected
syslinux	Not affected	Not affected	Not affected	Not affected	Not affected
syslinux-legacy	Not in release	Not in release	Not affected	Not affected	Not affected
tagua	Not affected	Not affected	Not affected	Not affected	Not affected
tarantool	Needs evaluation	Needs evaluation	Needs evaluation	—	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
tup	Needs evaluation	Needs evaluation	Needs evaluation	—	Ignored
ufoai	Not affected	Not affected	Not affected	Not affected	Not affected
vifm	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
wcc	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Ignored
wesnoth	—	—	—	—	Ignored
widelands	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmoto	Not affected	Not affected	Not affected	Not affected	Not affected
zfs-linux	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2020-15999

High priority

Some fixes available 15 of 16

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

18 affected packages

android, chromium-browser, firefox, freetype, godot...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
android	Not in release	Not in release	Not in release	Not in release	Needs evaluation
chromium-browser	Not affected	Not affected	Not affected	Fixed	Fixed
firefox	Not affected	Not affected	Not affected	Not affected	Not affected
freetype	Fixed	Fixed	Fixed	Fixed	Fixed
godot	Not affected	Not affected	Not affected	Not in release	Not in release
graphicsmagick	Not affected	Not affected	Not affected	Not affected	Not affected
musescore	Not in release	Not in release	Not affected	Not affected	Not affected
openjdk-12	Not in release	Not in release	Not in release	Not in release	Not in release
openjdk-13	Not in release	Not in release	Not affected	Not in release	Not in release
openjdk-15	Not in release	Not in release	Not in release	Not in release	Not in release
openjdk-lts	Not affected	Not affected	Not affected	Not affected	Not in release
oxide-qt	Not in release	Not in release	Not in release	Not in release	Not affected
paraview	Not affected	Not affected	Not affected	Not affected	Not affected
qtbase-opensource-src	Not affected	Not affected	Not affected	Not affected	Not affected
qtbase-opensource-src-gles	Not affected	Not affected	Not affected	Not in release	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
texmaker	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2019-19601

Medium priority

Not affected

OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of an incorrect sprintf.

1 affected packages

texlive-bin

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
texlive-bin	—	—	Not affected	Not affected	Not affected

CVE-2019-18604

Low priority

Some fixes available 1 of 3

In axohelp.c before 1.3 in axohelp in axodraw2 before 2.1.1b, as distributed in TeXLive and other collections, sprintf is mishandled.

1 affected packages

texlive-bin

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
texlive-bin	Not affected	Not affected	Fixed	Not affected	Not affected

CVE-2019-15903

Medium priority

Some fixes available 51 of 180

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a...

32 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
audacity	Needs evaluation	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Needs evaluation
cableswig	Not in release	Not in release	Not in release	Not in release	Needs evaluation
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
chromium-browser	Fixed	Fixed	Fixed	Fixed	Fixed
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Vulnerable	Vulnerable
expat	Not affected	Not affected	Not affected	Fixed	Fixed
firefox	Fixed	Fixed	Fixed	Fixed	Fixed
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Needs evaluation
insighttoolkit4	Not in release	Not affected	Not affected	Not affected	Needs evaluation
kompozer	Not in release	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release	Not in release
libxmltok	Vulnerable	Fixed	Fixed	Fixed	Fixed
matanza	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
poco	Not affected	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
smart	Not in release	Not in release	Not in release	Not affected	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Fixed	Fixed	Fixed	Fixed	Fixed
vnc4	Not in release	Not in release	Not in release	Vulnerable	Vulnerable
vtk	Not in release	Not in release	Not in release	Not in release	Fixed
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable

CVE-2018-20843

Low priority

Some fixes available 22 of 116

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable...

32 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
audacity	Needs evaluation	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Needs evaluation
cableswig	Not in release	Not in release	Not in release	Not in release	Needs evaluation
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Vulnerable	Vulnerable
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Not affected	Not affected	Not affected	Not affected	Not affected
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Needs evaluation
insighttoolkit4	Not in release	Not affected	Not affected	Not affected	Vulnerable
kompozer	Not in release	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release	Not in release
libxmltok	Vulnerable	Fixed	Fixed	Fixed	Fixed
matanza	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
poco	Not affected	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Not affected	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Not affected	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Vulnerable	Vulnerable
vtk	Not in release	Not in release	Not in release	Not in release	Fixed
wbxml2	Not affected	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2019-12493

Negligible priority

Vulnerable

A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered...

7 affected packages

emscripten, ipe, libextractor, poppler, texlive-bin...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
emscripten	Ignored	Ignored	Not in release	Ignored	Ignored
ipe	Not affected	Not affected	Not affected	Not affected	Not affected
libextractor	Not affected	Not affected	Not affected	Not affected	Not affected
poppler	Not affected	Not affected	Not affected	Not affected	Not affected
texlive-bin	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
utopia-documents	Not in release	Not in release	Not in release	Not in release	Not in release
xpdf	Not affected	Not affected	Not in release	Not affected	Not affected

CVE-2019-12360

Low priority

Vulnerable

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an...

7 affected packages

emscripten, ipe, libextractor, poppler, texlive-bin...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
emscripten	Ignored	Ignored	Not in release	Ignored	Ignored
ipe	Not affected	Not affected	Not affected	Not affected	Not affected
libextractor	Not affected	Not affected	Not affected	Not affected	Not affected
poppler	Not affected	Not affected	Not affected	Not affected	Not affected
texlive-bin	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
utopia-documents	Not in release	Not in release	Not in release	Not in release	Not in release
xpdf	Not affected	Not affected	Not in release	Not affected	Not affected

CVE-2019-9589

Low priority

Ignored

There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an...

6 affected packages

ipe, libextractor, poppler, texlive-bin, utopia-documents, xpdf

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ipe	—	Not affected	Not affected	Not affected	Not affected
libextractor	—	Not affected	Not affected	Not affected	Not affected
poppler	—	Not affected	Not affected	Not affected	Not affected
texlive-bin	—	Not affected	Not affected	Not affected	Not affected
utopia-documents	—	Not in release	Not in release	Not in release	Not in release
xpdf	—	Not affected	Not in release	Not affected	Not affected

Export to JSON

Results by page: