Search CVE reports
451 – 460 of 48912 results
An out-of-bounds read vulnerability exists in the `DecodePsmctRle1` function of `DicomImageDecoder.cpp`. The `PMSCT_RLE1` decompression routine, which decodes the proprietary Philips Compression format, does not properly validate...
1 affected package
orthanc
| Package | 16.04 LTS |
|---|---|
| orthanc | Needs evaluation |
A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A...
1 affected package
orthanc
| Package | 16.04 LTS |
|---|---|
| orthanc | Needs evaluation |
A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed size of archived files. An...
1 affected package
orthanc
| Package | 16.04 LTS |
|---|---|
| orthanc | Needs evaluation |
A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with `Content-Encoding: gzip`. The server does not enforce limits on decompressed size and allocates memory based on...
1 affected package
orthanc
| Package | 16.04 LTS |
|---|---|
| orthanc | Needs evaluation |
An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although...
1 affected package
orthanc
| Package | 16.04 LTS |
|---|---|
| orthanc | Needs evaluation |
In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint} for restricted TLS...
2 affected packages
lxd, incus
| Package | 16.04 LTS |
|---|---|
| lxd | Not affected |
| incus | — |
In Canonical LXD before 6.8, the backup import path validates project restrictions against backup/index.yaml in the supplied tar archive but creates the instance from backup/container/backup.yaml, a separate file in the same...
2 affected packages
lxd, incus
| Package | 16.04 LTS |
|---|---|
| lxd | Not affected |
| incus | — |
Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limits/permissions.go), which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under...
2 affected packages
incus, lxd
| Package | 16.04 LTS |
|---|---|
| incus | — |
| lxd | Not affected |
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS,...
5 affected packages
libpng, libpng1.6, firefox, thunderbird, chromium-browser
| Package | 16.04 LTS |
|---|---|
| libpng | Needs evaluation |
| libpng1.6 | Needs evaluation |
| firefox | — |
| thunderbird | — |
| chromium-browser | — |
[Unknown description]
1 affected package
gitlab
| Package | 16.04 LTS |
|---|---|
| gitlab | Ignored |