CVE search results

221 – 230 of 257 results

Detailed view

Sort by:

CVE-2014-8157

Medium priority

Some fixes available 4 of 5

Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a...

3 affected packages

ghostscript, jasper, netpbm-free

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ghostscript	—	—	—	—
jasper	—	—	—	—
netpbm-free	—	—	—	—

CVE-2014-8138

Medium priority

Some fixes available 4 of 5

Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.

3 affected packages

ghostscript, jasper, netpbm-free

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ghostscript	—	—	—	—
jasper	—	—	—	—
netpbm-free	—	—	—	—

CVE-2014-8137

Low priority

Some fixes available 4 of 5

Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a...

3 affected packages

ghostscript, jasper, netpbm-free

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ghostscript	—	—	—	—
jasper	—	—	—	—
netpbm-free	—	—	—	—

CVE-2014-9029

Medium priority

Some fixes available 4 of 5

Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which...

2 affected packages

ghostscript, jasper

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ghostscript	—	—	—	—
jasper	—	—	—	—

CVE-2010-4820

Medium priority

Ignored

Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability...

4 affected packages

ghostscript, gs-afpl, gs-esp, gs-gpl

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ghostscript	—	—	—	—
gs-afpl	—	—	—	—
gs-esp	—	—	—	—
gs-gpl	—	—	—	—

CVE-2013-0340

Medium priority

Ignored

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption),...

40 affected packages

gdcm, apache2, apr-util, audacity, ayttm...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
gdcm	—	—	—	—
apache2	—	—	—	—
apr-util	—	—	—	—
audacity	—	—	—	—
ayttm	—	—	—	—
cableswig	—	—	—	—
cadaver	—	—	—	—
celementtree	—	—	—	—
cmake	—	—	—	—
coin3	—	—	—	—
expat	—	—	—	—
ghostscript	—	—	—	—
grmonitor	—	—	—	—
insighttoolkit	—	—	—	—
kompozer	—	—	—	—
libparagui1.1	—	—	—	—
matanza	—	—	—	—
paraview	—	—	—	—
poco	—	—	—	—
python-xml	—	—	—	—
python2.4	—	—	—	—
python2.5	—	—	—	—
python2.6	—	—	—	—
simgear	—	—	—	—
sitecopy	—	—	—	—
smart	—	—	—	—
swish-e	—	—	—	—
tdom	—	—	—	—
texlive-bin	—	—	—	—
tla	—	—	—	—
vnc4	—	—	—	—
vtk	—	—	—	—
w3c-libwww	—	—	—	—
wbxml2	—	—	—	—
wxwidgets2.6	—	—	—	—
wxwidgets2.8	—	—	—	—
wxwindows2.4	—	—	—	—
xmlrpc-c	—	—	—	—
xotcl	—	—	—	—
xulrunner	—	—	—	—

CVE-2013-5653

Medium priority

Fixed

The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.

1 affected package

ghostscript

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ghostscript	—	—	—	—

CVE-2013-4276

Low priority

Ignored

Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctrans utility or (2) TIFF image to...

3 affected packages

lcms, ghostscript, lcms2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
lcms	—	—	—	Not in release
ghostscript	—	—	—	Not affected
lcms2	—	—	—	Not affected

CVE-2013-0341

Medium priority

Ignored

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

40 affected packages

tdom, apache2, apr-util, audacity, ayttm...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tdom	—	—	—	—
apache2	—	—	—	—
apr-util	—	—	—	—
audacity	—	—	—	—
ayttm	—	—	—	—
cableswig	—	—	—	—
cadaver	—	—	—	—
celementtree	—	—	—	—
cmake	—	—	—	—
coin3	—	—	—	—
expat	—	—	—	—
gdcm	—	—	—	—
ghostscript	—	—	—	—
grmonitor	—	—	—	—
insighttoolkit	—	—	—	—
kompozer	—	—	—	—
libparagui1.1	—	—	—	—
matanza	—	—	—	—
paraview	—	—	—	—
poco	—	—	—	—
python-xml	—	—	—	—
python2.4	—	—	—	—
python2.5	—	—	—	—
python2.6	—	—	—	—
simgear	—	—	—	—
sitecopy	—	—	—	—
smart	—	—	—	—
swish-e	—	—	—	—
texlive-bin	—	—	—	—
tla	—	—	—	—
vnc4	—	—	—	—
vtk	—	—	—	—
w3c-libwww	—	—	—	—
wbxml2	—	—	—	—
wxwidgets2.6	—	—	—	—
wxwidgets2.8	—	—	—	—
wxwindows2.4	—	—	—	—
xmlrpc-c	—	—	—	—
xotcl	—	—	—	—
xulrunner	—	—	—	—

CVE-2013-4160

Medium priority

Fixed

Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves,...

3 affected packages

ghostscript, lcms, lcms2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ghostscript	—	—	—	—
lcms	—	—	—	—
lcms2	—	—	—	—

Export to JSON

Results by page:

Search CVE reports