Search CVE reports
11 – 20 of 187 results
Tex Live 944e257 has a NULL pointer dereference in texk/web2c/pdftexdir/writet1.c. NOTE: this is disputed because it should be categorized as a usability problem.
1 affected package
texlive-bin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
texlive-bin | Not affected | Not affected | Not affected | Not affected |
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live...
1 affected package
texlive-bin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
texlive-bin | — | Fixed | Fixed | Fixed |
Some fixes available: 2 of 6
LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This...
1 affected package
texlive-bin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
texlive-bin | Not affected | Fixed | Fixed | Vulnerable |
Some fixes available: 11 of 94
In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
24 affected packages
xmlrpc-c, cableswig, apache2, apr-util, cmake...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
cableswig | — | Not in release | Not in release | Not in release |
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
cmake | Not affected | Not affected | Not affected | Not affected |
expat | Fixed | Fixed | Fixed | Fixed |
ghostscript | Not affected | Not affected | Not affected | Not affected |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
vnc4 | — | Not in release | Not in release | Needs evaluation |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ayttm | — | Not in release | Not in release | Not in release |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
coin3 | Not affected | Not affected | Not affected | Needs evaluation |
firefox | Not affected | Not affected | Not in release | Ignored |
gdcm | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | — | Not in release | Not in release | Not in release |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
libxmltok | Not affected | Not affected | Not affected | Not affected |
matanza | Ignored | Ignored | Ignored | Ignored |
smart | — | Not in release | Not in release | Not affected |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
thunderbird | Ignored | Ignored | Not in release | Ignored |
vtk | — | Not in release | Not in release | Not in release |
Some fixes available: 13 of 118
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
24 affected packages
firefox, cadaver, coin3, gdcm, libxmltok...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
firefox | Not affected | Not affected | Fixed | Fixed |
cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
coin3 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
gdcm | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libxmltok | Not affected | Not affected | Not affected | Not affected |
matanza | Ignored | Ignored | Ignored | Ignored |
swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
thunderbird | Ignored | Ignored | Not in release | Ignored |
wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
insighttoolkit4 | Not in release | Not affected | Not affected | Not affected |
cmake | Not affected | Not affected | Not affected | Not affected |
expat | Fixed | Fixed | Fixed | Fixed |
vnc4 | — | Not in release | Not in release | Needs evaluation |
apache2 | Not affected | Not affected | Not affected | Not affected |
apr-util | Not affected | Not affected | Not affected | Not affected |
ayttm | — | Not in release | Not in release | Not in release |
cableswig | — | Not in release | Not in release | Not in release |
smart | — | Not in release | Not in release | Needs evaluation |
ghostscript | Not affected | Not affected | Not affected | Not affected |
insighttoolkit | — | Not in release | Not in release | Not in release |
texlive-bin | Not affected | Not affected | Not affected | Not affected |
vtk | — | Not in release | Not in release | Not in release |
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of...
3 affected packages
ipe, xpdf, texlive-bin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xpdf | Not affected | Not affected | Not in release | Needs evaluation |
texlive-bin | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538.
4 affected packages
emscripten, ipe, texlive-bin, xpdf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
emscripten | Needs evaluation | Needs evaluation | Not in release | Needs evaluation |
ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
texlive-bin | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
xpdf | Not affected | Not affected | Not in release | Not affected |
OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6badae.
1 affected package
texlive-bin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
texlive-bin | Not affected | Not affected | Not affected | Not affected |
OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x703969.
1 affected package
texlive-bin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
texlive-bin | Not affected | Not affected | Not affected | Not affected |
OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6b6a8f.
1 affected package
texlive-bin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
texlive-bin | Not affected | Not affected | Not affected | Not affected |