Search CVE reports
141 – 150 of 184 results
CVE-2015-0973
Medium priorityBuffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a...
2 affected packages
libpng, texlive-bin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libpng | — | — | — | — | — |
texlive-bin | — | — | — | — | — |
CVE-2013-0340
Medium priorityexpat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption),...
40 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | — | — | — | — | — |
apr-util | — | — | — | — | — |
audacity | — | — | — | — | — |
ayttm | — | — | — | — | — |
cableswig | — | — | — | — | — |
cadaver | — | — | — | — | — |
celementtree | — | — | — | — | — |
cmake | — | — | — | — | — |
coin3 | — | — | — | — | — |
expat | — | — | — | — | — |
gdcm | — | — | — | — | — |
ghostscript | — | — | — | — | — |
grmonitor | — | — | — | — | — |
insighttoolkit | — | — | — | — | — |
kompozer | — | — | — | — | — |
libparagui1.1 | — | — | — | — | — |
matanza | — | — | — | — | — |
paraview | — | — | — | — | — |
poco | — | — | — | — | — |
python-xml | — | — | — | — | — |
python2.4 | — | — | — | — | — |
python2.5 | — | — | — | — | — |
python2.6 | — | — | — | — | — |
simgear | — | — | — | — | — |
sitecopy | — | — | — | — | — |
smart | — | — | — | — | — |
swish-e | — | — | — | — | — |
tdom | — | — | — | — | — |
texlive-bin | — | — | — | — | — |
tla | — | — | — | — | — |
vnc4 | — | — | — | — | — |
vtk | — | — | — | — | — |
w3c-libwww | — | — | — | — | — |
wbxml2 | — | — | — | — | — |
wxwidgets2.6 | — | — | — | — | — |
wxwidgets2.8 | — | — | — | — | — |
wxwindows2.4 | — | — | — | — | — |
xmlrpc-c | — | — | — | — | — |
xotcl | — | — | — | — | — |
xulrunner | — | — | — | — | — |
CVE-2012-6702
Medium prioritySome fixes available 5 of 100
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
32 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
audacity | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release | Not affected |
cableswig | Not in release | Not in release | Not in release | Not in release | Not affected |
cadaver | Not affected | Not affected | Not affected | Not affected | Not affected |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Not affected | Not affected |
expat | Not affected | Not affected | Not affected | Not affected | Fixed |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | Not in release | Not in release | Not in release | Not in release | Vulnerable |
kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
libxmltok | Not affected | Not affected | Not affected | Not affected | Not affected |
matanza | Not affected | Not affected | Not affected | Not affected | Not affected |
paraview | Not affected | Not affected | Not affected | Not affected | Not affected |
poco | Not affected | Not affected | Not affected | Not affected | Not affected |
simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Not affected | Not affected | Not affected | Not affected |
smart | Not in release | Not in release | Not in release | Not affected | Not affected |
swish-e | Not affected | Not affected | Not affected | Not affected | Not affected |
tdom | Not affected | Not affected | Not affected | Not affected | Not affected |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
tla | Not affected | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Ignored | Ignored |
vtk | Not in release | Not in release | Not in release | Not in release | Not affected |
wbxml2 | Not affected | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
xotcl | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2012-1147
Low priorityreadfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
40 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | — | — | — | Ignored | Ignored |
apr-util | — | — | — | Ignored | Ignored |
audacity | — | — | — | Not affected | Not affected |
ayttm | — | — | — | Not in release | Not affected |
cableswig | — | — | — | Not in release | Not affected |
cadaver | — | — | — | Not affected | Not affected |
celementtree | — | — | — | Not in release | Not in release |
cmake | — | — | — | Ignored | Ignored |
coin3 | — | — | — | Not affected | Not affected |
expat | — | — | — | Not affected | Not affected |
gdcm | — | — | — | Not affected | Not affected |
ghostscript | — | — | — | Ignored | Ignored |
grmonitor | — | — | — | Not in release | Not in release |
insighttoolkit | — | — | — | Not in release | Not affected |
kompozer | — | — | — | Not in release | Not in release |
libparagui1.1 | — | — | — | Not in release | Not in release |
matanza | — | — | — | Not affected | Not affected |
paraview | — | — | — | Not affected | Not affected |
poco | — | — | — | Not affected | Not affected |
python-xml | — | — | — | Not in release | Not in release |
python2.4 | — | — | — | Not in release | Not in release |
python2.5 | — | — | — | Not in release | Not in release |
python2.6 | — | — | — | Not in release | Not in release |
simgear | — | — | — | Not affected | Not affected |
sitecopy | — | — | — | Not affected | Not affected |
smart | — | — | — | Ignored | Ignored |
swish-e | — | — | — | Not affected | Not affected |
tdom | — | — | — | Not affected | Not affected |
texlive-bin | — | — | — | Ignored | Ignored |
tla | — | — | — | Not affected | Not affected |
vnc4 | — | — | — | Ignored | Ignored |
vtk | — | — | — | Not in release | Not affected |
w3c-libwww | — | — | — | Not in release | Not in release |
wbxml2 | — | — | — | Not affected | Not affected |
wxwidgets2.6 | — | — | — | Not in release | Not in release |
wxwidgets2.8 | — | — | — | Not in release | Not in release |
wxwindows2.4 | — | — | — | Not in release | Not in release |
xmlrpc-c | — | — | — | Ignored | Ignored |
xotcl | — | — | — | Not affected | Not affected |
xulrunner | — | — | — | Not in release | Not in release |
CVE-2012-1148
Low prioritySome fixes available 39 of 391
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause...
41 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
audacity | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release | Vulnerable |
cableswig | Not in release | Not in release | Not in release | Not in release | Vulnerable |
cadaver | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
celementtree | Not in release | Not in release | Not in release | Not in release | Not in release |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
expat | Not affected | Not affected | Not affected | Not affected | Not affected |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
grmonitor | Not in release | Not in release | Not in release | Not in release | Not in release |
insighttoolkit | Not in release | Not in release | Not in release | Not in release | Vulnerable |
kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
libxmltok | Vulnerable | Fixed | Fixed | Fixed | Fixed |
matanza | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
paraview | Not affected | Not affected | Not affected | Not affected | Not affected |
poco | Not affected | Not affected | Not affected | Not affected | Not affected |
python-xml | Not in release | Not in release | Not in release | Not in release | Not in release |
python2.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python2.5 | Not in release | Not in release | Not in release | Not in release | Not in release |
python2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Not affected | Not affected | Not affected | Not affected |
smart | Not in release | Not in release | Not in release | Not affected | Not affected |
swish-e | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
tdom | Not affected | Not affected | Not affected | Not affected | Not affected |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
tla | Not affected | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Ignored | Ignored |
vtk | Not in release | Not in release | Not in release | Not in release | Not affected |
w3c-libwww | Not in release | Not in release | Not in release | Not in release | Not in release |
wbxml2 | Not affected | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwindows2.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Fixed | Fixed | Fixed | Fixed | Fixed |
xotcl | Not affected | Not affected | Not affected | Not affected | Not affected |
xulrunner | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2012-0876
Medium prioritySome fixes available 35 of 382
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption)...
41 affected packages
apache2, apr-util, audacity, ayttm, cableswig...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
apache2 | Not affected | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected | Not affected |
audacity | Needs evaluation | Not affected | Not affected | Not affected | Not affected |
ayttm | Not in release | Not in release | Not in release | Not in release | Vulnerable |
cableswig | Not in release | Not in release | Not in release | Not in release | Vulnerable |
cadaver | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
celementtree | Not in release | Not in release | Not in release | Not in release | Not in release |
cmake | Not affected | Not affected | Not affected | Not affected | Not affected |
coin3 | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
expat | Not affected | Not affected | Not affected | Not affected | Not affected |
gdcm | Not affected | Not affected | Not affected | Not affected | Not affected |
ghostscript | Not affected | Not affected | Not affected | Not affected | Not affected |
grmonitor | Not in release | Not in release | Not in release | Not in release | Not in release |
insighttoolkit | Not in release | Not in release | Not in release | Not in release | Vulnerable |
kompozer | Not in release | Not in release | Not in release | Not in release | Not in release |
libparagui1.1 | Not in release | Not in release | Not in release | Not in release | Not in release |
libxmltok | Not affected | Not affected | Not affected | Not affected | Not affected |
matanza | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
paraview | Not affected | Not affected | Not affected | Not affected | Not affected |
poco | Not affected | Not affected | Not affected | Not affected | Not affected |
python-xml | Not in release | Not in release | Not in release | Not in release | Not in release |
python2.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
python2.5 | Not in release | Not in release | Not in release | Not in release | Not in release |
python2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
simgear | Not affected | Not affected | Not affected | Not affected | Not affected |
sitecopy | Not in release | Not affected | Not affected | Not affected | Not affected |
smart | Not in release | Not in release | Not in release | Not affected | Not affected |
swish-e | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
tdom | Not affected | Not affected | Not affected | Not affected | Not affected |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
tla | Not affected | Not affected | Not affected | Not affected | Not affected |
vnc4 | Not in release | Not in release | Not in release | Ignored | Ignored |
vtk | Not in release | Not in release | Not in release | Not in release | Not affected |
w3c-libwww | Not in release | Not in release | Not in release | Not in release | Not in release |
wbxml2 | Not affected | Not affected | Not affected | Not affected | Not affected |
wxwidgets2.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwidgets2.8 | Not in release | Not in release | Not in release | Not in release | Not in release |
wxwindows2.4 | Not in release | Not in release | Not in release | Not in release | Not in release |
xmlrpc-c | Fixed | Fixed | Fixed | Fixed | Fixed |
xotcl | Not affected | Not affected | Not affected | Not affected | Not affected |
xulrunner | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2012-2120
Negligible prioritylatex2man in texlive-extra-utils 2011.20120322, and possibly other versions or packages, when used with the H or T option, allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
1 affected packages
texlive-bin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
texlive-bin | — | — | — | — | Not affected |
CVE-2010-3704
Medium prioritySome fixes available 9 of 74
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to...
11 affected packages
gpdf, ipe, kdegraphics, koffice, libextractor...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gpdf | Not in release | Not in release | Not in release | Not in release | Not in release |
ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
kdegraphics | Not in release | Not in release | Not in release | Not in release | Not in release |
koffice | Not in release | Not in release | Not in release | Not in release | Not in release |
libextractor | Not affected | Not affected | Not affected | Not affected | Not affected |
pdfkit.framework | Not in release | Not in release | Not in release | Not in release | Not in release |
pdftohtml | Not in release | Not in release | Not in release | Not in release | Not in release |
poppler | Not affected | Not affected | Not affected | Not affected | Not affected |
tetex-bin | Not in release | Not in release | Not in release | Not in release | Not in release |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
xpdf | Not affected | Not affected | Not in release | Not affected | Not affected |
CVE-2010-3703
Medium prioritySome fixes available 4 of 71
The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a...
11 affected packages
gpdf, ipe, kdegraphics, koffice, libextractor...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gpdf | Not in release | Not in release | Not in release | Not in release | Not in release |
ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
kdegraphics | Not in release | Not in release | Not in release | Not in release | Not in release |
koffice | Not in release | Not in release | Not in release | Not in release | Not in release |
libextractor | Not affected | Not affected | Not affected | Not affected | Not affected |
pdfkit.framework | Not in release | Not in release | Not in release | Not in release | Not in release |
pdftohtml | Not in release | Not in release | Not in release | Not in release | Not in release |
poppler | Not affected | Not affected | Not affected | Not affected | Not affected |
tetex-bin | Not in release | Not in release | Not in release | Not in release | Not in release |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
xpdf | Not affected | Not affected | Not in release | Not affected | Not affected |
CVE-2010-3702
Medium prioritySome fixes available 9 of 74
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of...
11 affected packages
gpdf, ipe, kdegraphics, koffice, libextractor...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
gpdf | Not in release | Not in release | Not in release | Not in release | Not in release |
ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
kdegraphics | Not in release | Not in release | Not in release | Not in release | Not in release |
koffice | Not in release | Not in release | Not in release | Not in release | Not in release |
libextractor | Not affected | Not affected | Not affected | Not affected | Not affected |
pdfkit.framework | Not in release | Not in release | Not in release | Not in release | Not in release |
pdftohtml | Not in release | Not in release | Not in release | Not in release | Not in release |
poppler | Not affected | Not affected | Not affected | Not affected | Not affected |
tetex-bin | Not in release | Not in release | Not in release | Not in release | Not in release |
texlive-bin | Not affected | Not affected | Not affected | Not affected | Not affected |
xpdf | Not affected | Not affected | Not in release | Not affected | Not affected |