Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

21 – 30 of 90 results


CVE-2018-21010

Medium priority

Some fixes available 2 of 58

OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.

8 affected packages

blender, gdcm, ghostscript, insighttoolkit4, openjpeg...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openjpeg Not in release Not in release Not in release Not in release Ignored
openjpeg2 Not affected Not affected Not affected Fixed Fixed
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 8 packages Show less packages

CVE-2019-12973

Low priority

Some fixes available 12 of 85

In OpenJPEG 2.3.1, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file. This issue is similar to...

9 affected packages

blender, emscripten, gdcm, ghostscript, insighttoolkit4...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
emscripten Ignored Ignored Not in release Ignored Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openjpeg Not in release Not in release Not in release Not in release Not affected
openjpeg2 Fixed Fixed Fixed Fixed Fixed
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 9 packages Show less packages

CVE-2018-20847

Medium priority

Some fixes available 1 of 72

An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow.

8 affected packages

blender, emscripten, gdcm, insighttoolkit4, openjpeg...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
emscripten Ignored Ignored Not in release Ignored Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openjpeg Not in release Not in release Not in release Not in release Not affected
openjpeg2 Not affected Not affected Not affected Not affected Fixed
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 8 packages Show less packages

CVE-2018-20846

Medium priority
Needs evaluation

Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service...

8 affected packages

blender, emscripten, gdcm, insighttoolkit4, openjpeg...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
emscripten Ignored Ignored Not in release Ignored Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openjpeg Not in release Not in release Not in release Not in release Not affected
openjpeg2 Not affected Not affected Not affected Not affected Not affected
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 8 packages Show less packages

CVE-2018-20845

Medium priority

Some fixes available 1 of 80

Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

8 affected packages

blender, emscripten, gdcm, insighttoolkit4, openjpeg...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
emscripten Ignored Ignored Not in release Ignored Ignored
gdcm Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openjpeg Not in release Not in release Not in release Not in release Not affected
openjpeg2 Not affected Not affected Not affected Fixed Not affected
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 8 packages Show less packages

CVE-2019-7663

Medium priority

Some fixes available 4 of 52

An Invalid Address dereference was discovered in TIFFWriteDirectoryTagTransferfunction in libtiff/tif_dirwrite.c in LibTIFF 4.0.10, affecting the cpSeparateBufToContigBuf function in tiffcp.c. Remote attackers could leverage this...

9 affected packages

chromium, gdal, openjpeg2, qt4-x11, qtimageformats-opensource-src...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
chromium Not in release Not in release Not in release Not in release Not in release
gdal Not affected Not affected Not affected Not affected Vulnerable
openjpeg2 Not affected Not affected Not affected Not affected Not affected
qt4-x11 Not in release Not in release Not in release Not affected Not affected
qtimageformats-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tiff Not affected Not affected Not affected Fixed Fixed
tiff3 Not in release Not in release Not in release Not in release Not in release
Show all 9 packages Show less packages

CVE-2019-6988

Low priority
Vulnerable

An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c,...

3 affected packages

ghostscript, openjpeg, openjpeg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript Not affected Not affected Not affected Vulnerable Vulnerable
openjpeg Not in release Not in release Not in release Not in release Not affected
openjpeg2 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2018-18088

Medium priority

Some fixes available 3 of 5

OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c

2 affected packages

openjpeg, openjpeg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openjpeg Not in release Not in release Not in release Fixed
openjpeg2 Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2018-16376

Low priority
Ignored

An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of...

2 affected packages

openjpeg, openjpeg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openjpeg Not in release Not in release Ignored
openjpeg2 Not affected Not affected Not affected
Show less packages

CVE-2018-16375

Medium priority

Some fixes available 1 of 4

An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.

2 affected packages

openjpeg, openjpeg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openjpeg Not in release Not in release Not affected
openjpeg2 Not affected Fixed Not affected
Show less packages