Search CVE reports
231 – 240 of 490 results
CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
4 affected packages
ipe, libextractor, xpdf, poppler
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libextractor | Not affected | Not affected | Not affected | Not affected |
| xpdf | Vulnerable | Vulnerable | Not in release | Vulnerable |
| poppler | Not affected | Not affected | Not affected | Not affected |
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network...
1 affected package
mysql-connector-java
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| mysql-connector-java | — | — | — | Not affected |
Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service (infinite loop). The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected...
1 affected package
asciidoctor
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| asciidoctor | Not affected | Not affected | Not affected | Vulnerable |
Some fixes available 6 of 186
stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.
13 affected packages
catimg, ccextractor, goxel, libsfml, libsixel...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| catimg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| ccextractor | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| goxel | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libsfml | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| libsixel | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| love | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| mame | Fixed | Fixed | Fixed | Fixed |
| renderdoc | Not in release | Needs evaluation | Needs evaluation | Not in release |
| retroarch | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| flif | Not in release | Not in release | Not in release | Not in release |
| tweeny | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| zam-plugins | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| zynaddsubfx | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 2 of 4
GNU Libextractor through 1.7 has an out-of-bounds read vulnerability in EXTRACTOR_zip_extract_method() in zip_extractor.c.
1 affected package
libextractor
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libextractor | Not affected | Not affected | Not affected | Vulnerable |
XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453.
4 affected packages
poppler, ipe, libextractor, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| poppler | Not affected | Not affected | Not affected | Not affected |
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libextractor | Not affected | Not affected | Not affected | Not affected |
| xpdf | Vulnerable | Vulnerable | Not in release | Vulnerable |
SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
4 affected packages
ipe, libextractor, poppler, xpdf
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| libextractor | Not affected | Not affected | Not affected | Not affected |
| poppler | Not affected | Not affected | Not affected | Not affected |
| xpdf | Vulnerable | Vulnerable | Not in release | Vulnerable |
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template...
1 affected package
ocsinventory-server
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ocsinventory-server | — | — | — | Not affected |
OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service.
1 affected package
ocsinventory-server
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ocsinventory-server | Not affected | Not affected | Not affected | Vulnerable |
OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the...
1 affected package
ocsinventory-server
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ocsinventory-server | Not affected | Not affected | Not affected | Vulnerable |