Search CVE reports

21 – 30 of 107 results

Detailed view

Sort by:

CVE-2023-39327

Medium priority

Some fixes available 11 of 47

A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
blender	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ghostscript	Not affected	Not affected	Not affected	Not affected	Fixed
insighttoolkit4	Not in release	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
openjpeg	Not in release	Not in release	Not in release	Not in release	—
openjpeg2	Fixed	Fixed	Fixed	Fixed	Fixed
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texmaker	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2023-39328

Medium priority

Vulnerable

A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file.

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
blender	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ghostscript	Not affected	Not affected	Not affected	Not affected	Needs evaluation
insighttoolkit4	Not in release	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
openjpeg	Not in release	Not in release	Not in release	Not in release	—
openjpeg2	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texmaker	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2023-52356

Medium priority

Some fixes available 11 of 30

A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

4 affected packages

gdal, qtwebengine-opensource-src, texmaker, tiff

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gdal	Not affected	Not affected	Not affected	Not affected	Not affected
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texmaker	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tiff	Fixed	Fixed	Fixed	Fixed	Fixed

CVE-2023-52355

Negligible priority

Ignored

An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a...

5 affected packages

gdal, neuron, qtwebengine-opensource-src, texmaker, tiff

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gdal	—	—	Not affected	Not affected	Not affected
neuron	—	—	Ignored	Ignored	Ignored
qtwebengine-opensource-src	—	—	Ignored	Ignored	Ignored
texmaker	—	—	Ignored	Ignored	Ignored
tiff	—	—	Ignored	Ignored	Ignored

CVE-2023-45311

Medium priority

Needs evaluation

fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that...

2 affected packages

npm, qtwebengine-opensource-src

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
npm	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2023-39616

Medium priority

Needs evaluation

AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h.

2 affected packages

qt6-webengine, qtwebengine-opensource-src

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
qt6-webengine	Needs evaluation	Needs evaluation	Needs evaluation	Not in release	Ignored
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Ignored	Ignored

CVE-2022-34300

Low priority

Some fixes available 6 of 118

In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData.

12 affected packages

asymptote, chromium-browser, godot, goxel, love...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
asymptote	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
chromium-browser	Not affected	Not affected	Not affected	Not in release	Not affected
godot	Not in release	Not affected	Not affected	Not affected	—
goxel	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
love	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
mame	Vulnerable	Fixed	Fixed	Fixed	Fixed
psychtoolbox-3	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
qt6-webengine	Needs evaluation	Needs evaluation	Needs evaluation	—	—
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
rbdoom3bfg	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
renderdoc	Not in release	Not in release	Needs evaluation	Needs evaluation	—
tinyexr	Needs evaluation	Needs evaluation	Needs evaluation	—	—

CVE-2022-33068

Medium priority

Some fixes available 10 of 35

An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

13 affected packages

harfbuzz, icedtea-web, openjdk-12, openjdk-13, openjdk-15...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
harfbuzz	Fixed	Fixed	Fixed	Fixed	Not affected
icedtea-web	Not affected	Not affected	Not affected	Not affected	Not affected
openjdk-12	Not in release	Not in release	Not in release	Not in release	Not in release
openjdk-13	Not in release	Not in release	Not in release	Not affected	Not in release
openjdk-15	Not in release	Not in release	Not in release	Not in release	Not in release
openjdk-16	Not in release	Not in release	Not in release	Not affected	Not in release
openjdk-17	Not affected	Not affected	Not affected	Not affected	Not affected
openjdk-18	Not in release	Not in release	Not affected	Not in release	Not in release
openjdk-8	Not affected	Not affected	Not affected	Not affected	Not affected
openjdk-9	Not in release	Not in release	Not in release	Not in release	Not in release
openjdk-lts	Not affected	Not affected	Not affected	Not affected	Not affected
qt6-base	Needs evaluation	Needs evaluation	Needs evaluation	—	—
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-1122

Low priority

Some fixes available 4 of 49

A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls...

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
blender	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit4	Not in release	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
openjpeg	Not in release	Not in release	Not in release	Not in release	Not in release
openjpeg2	Not affected	Not affected	Fixed	Fixed	Fixed
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texmaker	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2021-3575

Low priority

Some fixes available 9 of 65

A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled...

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
blender	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit4	Not in release	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
openjpeg	Not in release	Not in release	Not in release	Not in release	Not in release
openjpeg2	Fixed	Fixed	Fixed	Fixed	Fixed
qtwebengine-opensource-src	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texmaker	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

Export to JSON

Results by page: