Search CVE reports
61 – 70 of 105 results
A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat...
6 affected packages
insighttoolkit4, blender, openjpeg, openjpeg2, qtwebengine-opensource-src, texmaker
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| blender | Not affected | Not affected | Not affected | Not affected | Not affected |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjpeg2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| qtwebengine-opensource-src | Not affected | Not affected | Not affected | Not affected | Not affected |
| texmaker | Not affected | Not affected | Not affected | Not affected | Not affected |
Some fixes available 16 of 67
A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this...
7 affected packages
qtwebengine-opensource-src, texmaker, blender, ghostscript, openjpeg2...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Fixed |
| openjpeg2 | Fixed | Fixed | Fixed | Fixed | Vulnerable |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
Some fixes available 17 of 67
There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to...
7 affected packages
blender, ghostscript, openjpeg2, insighttoolkit4, qtwebengine-opensource-src...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Fixed |
| openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
Some fixes available 17 of 31
There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact...
7 affected packages
openjpeg2, insighttoolkit4, qtwebengine-opensource-src, blender, ghostscript...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
| insighttoolkit4 | Not in release | Not in release | Not affected | Not affected | Not affected |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| blender | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Fixed |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| texmaker | Not affected | Not affected | Not affected | Not affected | Not affected |
Some fixes available 18 of 69
A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this...
7 affected packages
openjpeg2, texmaker, blender, insighttoolkit4, qtwebengine-opensource-src...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Fixed |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
Some fixes available 15 of 65
A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as...
7 affected packages
texmaker, blender, insighttoolkit4, qtwebengine-opensource-src, ghostscript...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| texmaker | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| blender | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit4 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
| openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
Some fixes available 17 of 30
A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running...
7 affected packages
blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| blender | Not affected | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected | Fixed |
| insighttoolkit4 | Not in release | Not in release | Not affected | Not affected | Not affected |
| openjpeg | Not in release | Not in release | Not in release | Not in release | Not in release |
| openjpeg2 | Fixed | Fixed | Fixed | Fixed | Fixed |
| texmaker | Not affected | Not affected | Not affected | Not affected | Not affected |
| qtwebengine-opensource-src | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Not affected |
FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.
2 affected packages
ffmpeg, qtwebengine-opensource-src
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ffmpeg | — | Not affected | Not affected | Not affected | Not affected |
| qtwebengine-opensource-src | — | Not affected | Not affected | Not affected | Not affected |
cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the set_redirect and set_header functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts.
2 affected packages
chromium-browser, qtwebengine-opensource-src
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | Not affected | Not affected | Not affected | Not in release | Not affected |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
A URL parsing issue in goog.uri of the Google Closure Library versions up to and including v20200224 allows an attacker to send malicious URLs to be parsed by the library and return the wrong authority. Mitigation: update your...
2 affected packages
chromium-browser, qtwebengine-opensource-src
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | Not affected | Not affected | Not affected | Not in release | Not affected |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |