Search CVE reports

131 – 140 of 184 results

Detailed view

Sort by:

CVE-2019-9587

Negligible priority

Vulnerable

There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service...

6 affected packages

ipe, libextractor, poppler, texlive-bin, utopia-documents, xpdf

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
ipe	Not affected	Not affected	Not affected	Not affected	Not affected
libextractor	Not affected	Not affected	Not affected	Not affected	Not affected
poppler	Not affected	Not affected	Not affected	Not affected	Not affected
texlive-bin	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
utopia-documents	Not in release	Not in release	Not in release	Not in release	Not in release
xpdf	Not affected	Not affected	Not in release	Not affected	Not affected

CVE-2018-17407

Medium priority

Fixed

An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded...

1 affected packages

texlive-bin

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
texlive-bin	—	—	—	Fixed	Fixed

CVE-2017-17513

Negligible priority

Vulnerable

TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to...

3 affected packages

context, texlive-base, texlive-bin

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
context	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-base	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
texlive-bin	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2015-5701

Medium priority

Not affected

mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700.

1 affected packages

texlive-bin

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
texlive-bin	—	—	—	—	—

CVE-2015-5700

Low priority

Fixed

mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.

1 affected packages

texlive-bin

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
texlive-bin	—	—	—	Not affected	Not affected

CVE-2017-9233

Medium priority

Some fixes available 7 of 94

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

33 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
audacity	Needs evaluation	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Not affected
cableswig	Not in release	Not in release	Not in release	Not in release	Needs evaluation
cadaver	Not affected	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Needs evaluation	Fixed
expat	Not affected	Not affected	Not affected	Not affected	Fixed
firefox	Not affected	Not affected	Not affected	Not affected	Not affected
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Not affected
insighttoolkit4	Not in release	Not affected	Not affected	Not affected	Vulnerable
kompozer	Not in release	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release	Not in release
libxmltok	Not affected	Not affected	Not affected	Not affected	Not affected
matanza	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
poco	Not affected	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Not affected	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Not affected	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Ignored	Ignored
vtk	Not in release	Not in release	Not in release	Not in release	Not affected
wbxml2	Not affected	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2017-9083

Low priority

Some fixes available 8 of 9

poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perf_test utility will crash (segmentation fault) when parsing an invalid PDF file.

3 affected packages

luatex, poppler, texlive-bin

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
luatex	—	—	—	Not in release	Not in release
poppler	—	—	—	Fixed	Fixed
texlive-bin	—	—	—	Not affected	Not affected

CVE-2016-10243

Medium priority

Some fixes available 2 of 6

TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.

2 affected packages

texlive-base, texlive-bin

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
texlive-base	—	—	—	—	Fixed
texlive-bin	—	—	—	—	Not affected

CVE-2016-5300

Medium priority

Some fixes available 5 of 96

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this...

31 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
audacity	Needs evaluation	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Not affected
cableswig	Not in release	Not in release	Not in release	Not in release	Not affected
cadaver	Not affected	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Not affected	Not affected
expat	Not affected	Not affected	Not affected	Not affected	Fixed
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Not affected
kompozer	Not in release	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release	Not in release
libxmltok	Not affected	Not affected	Not affected	Not affected	Not affected
matanza	Not affected	Not affected	Not affected	Not affected	Not affected
poco	Not affected	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected	Not affected
swish-e	Not affected	Not affected	Not affected	Not affected	Not affected
tdom	Not affected	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Ignored	Ignored
vtk	Not in release	Not in release	Not in release	Not in release	Not affected
wbxml2	Not affected	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
xotcl	Not affected	Not affected	Not affected	Not affected	Not affected

CVE-2015-1283

Medium priority

Some fixes available 37 of 233

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or...

33 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
audacity	Needs evaluation	Not affected	Not affected	Not affected	Not affected
ayttm	Not in release	Not in release	Not in release	Not in release	Vulnerable
cableswig	Not in release	Not in release	Not in release	Not in release	Vulnerable
cadaver	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
chromium-browser	Fixed	Fixed	Fixed	Fixed	Fixed
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
expat	Not affected	Not affected	Not affected	Not affected	Not affected
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release	Vulnerable
kompozer	Not in release	Not in release	Not in release	Not in release	Not in release
libparagui1.1	Not in release	Not in release	Not in release	Not in release	Not in release
libxmltok	Vulnerable	Fixed	Fixed	Fixed	Fixed
matanza	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
oxide-qt	Not in release	Not in release	Not in release	Not in release	Fixed
poco	Not affected	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected	Not affected
swish-e	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
tdom	Not affected	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Vulnerable	Fixed
vtk	Not in release	Not in release	Not in release	Not in release	Not affected
wbxml2	Not affected	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release	Not in release
xmlrpc-c	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable
xotcl	Not affected	Not affected	Not affected	Not affected	Not affected

Export to JSON

Results by page: