Search CVE reports
1 – 7 of 7 results
In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData.
12 affected packages
asymptote, godot, goxel, love, mame...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| asymptote | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| godot | Not affected | Not affected | Not affected | — |
| goxel | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| love | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| mame | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| psychtoolbox-3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qt6-webengine | Needs evaluation | Needs evaluation | — | — |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| rbdoom3bfg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| renderdoc | Not in release | Needs evaluation | Needs evaluation | — |
| tinyexr | Needs evaluation | Needs evaluation | — | — |
| chromium-browser | Not affected | Not affected | Not in release | Not affected |
Some fixes available 2 of 8
A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to...
1 affected package
godot
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| godot | Not affected | Fixed | Fixed | Not in release |
Some fixes available 2 of 8
An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::load_image() function at line: const size_t buffer_size...
1 affected package
godot
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| godot | Not affected | Fixed | Fixed | Not in release |
Some fixes available 16 of 17
Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
18 affected packages
chromium-browser, godot, graphicsmagick, musescore, openjdk-13...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| chromium-browser | Not affected | Not affected | Not in release | Fixed |
| godot | Not affected | Not affected | Not affected | Not in release |
| graphicsmagick | Not affected | Not affected | Not affected | Not affected |
| musescore | Not in release | Not in release | Not affected | Not affected |
| openjdk-13 | Not in release | Not in release | Not affected | Not in release |
| texmaker | Not affected | Not affected | Not affected | Not affected |
| android | Not in release | Not in release | Not in release | Not in release |
| firefox | Not affected | Not affected | Not in release | Not affected |
| freetype | Fixed | Fixed | Fixed | Fixed |
| openjdk-lts | Not affected | Not affected | Not affected | Not affected |
| openjdk-15 | Not in release | Not in release | Not in release | Not in release |
| oxide-qt | Not in release | Not in release | Not in release | Not in release |
| paraview | Not affected | Not affected | Not affected | Not affected |
| qtbase-opensource-src | Not affected | Not affected | Not affected | Not affected |
| thunderbird | Not affected | Not affected | Not in release | Not affected |
| openjdk-12 | Not in release | Not in release | Not in release | Not in release |
| qtbase-opensource-src-gles | Not affected | Not affected | Not affected | Not in release |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
Some fixes available 7 of 41
In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is...
7 affected packages
aom, godot, qtwebengine-opensource-src, chromium-browser, firefox...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| aom | Not affected | Needs evaluation | Needs evaluation | Not in release |
| godot | Fixed | Fixed | Fixed | Not in release |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| chromium-browser | Not affected | Not affected | Not in release | Not affected |
| firefox | Not affected | Not affected | Not in release | Not affected |
| libvpx | Not affected | Not affected | Not affected | Fixed |
| thunderbird | Not affected | Not affected | Not in release | Not affected |
In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly.
1 affected package
godot
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| godot | Not affected | Not affected | Not affected | Not in release |
In libwebp 0.5.1, there is a double free bug in libwebpmux.
9 affected packages
godot, libwebp, mozjs60, qtimageformats-opensource-src, qtwebengine-opensource-src...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| godot | Not affected | Not affected | Not affected | Not in release |
| libwebp | Not affected | Not affected | Not affected | Not affected |
| mozjs60 | Not in release | Not in release | Not in release | Not in release |
| qtimageformats-opensource-src | Not affected | Not affected | Not affected | Not affected |
| qtwebengine-opensource-src | Not affected | Not affected | Not affected | Not affected |
| mozjs52 | Not in release | Not in release | Ignored | Ignored |
| firefox | Not affected | Not affected | Not in release | Not affected |
| mozjs38 | Not in release | Not in release | Not in release | Ignored |
| thunderbird | Not affected | Not affected | Not in release | Not affected |