Search CVE reports
1 – 10 of 487 results
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.
23 affected packages
expat, coin3, apache2, apr-util, cmake...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| expat | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| coin3 | Not affected | Not affected | Not affected | Needs evaluation |
| apache2 | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vnc4 | Not in release | Not in release | — | Needs evaluation |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Needs evaluation |
| ayttm | Not in release | Not in release | — | — |
| cableswig | Not in release | Not in release | — | — |
| matanza | Ignored | Ignored | Ignored | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vtk | Not in release | Not in release | — | — |
| smart | Not in release | Not in release | — | Needs evaluation |
| firefox | Not affected | Not affected | — | — |
| thunderbird | Not affected | Not affected | — | — |
| libxmltok | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.
23 affected packages
expat, apache2, apr-util, cmake, ghostscript...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| expat | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| apache2 | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vnc4 | Not in release | Not in release | — | Needs evaluation |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Needs evaluation |
| ayttm | Not in release | Not in release | — | — |
| cableswig | Not in release | Not in release | — | — |
| coin3 | Not affected | Not affected | Not affected | Needs evaluation |
| matanza | Ignored | Ignored | Ignored | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vtk | Not in release | Not in release | — | — |
| smart | Not in release | Not in release | — | Needs evaluation |
| firefox | Not affected | Not affected | — | — |
| thunderbird | Not affected | Not affected | — | — |
| libxmltok | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.
23 affected packages
expat, apache2, apr-util, cmake, ghostscript...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| expat | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
| apache2 | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected |
| cmake | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vnc4 | Not in release | Not in release | — | Needs evaluation |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Needs evaluation |
| ayttm | Not in release | Not in release | — | — |
| cableswig | Not in release | Not in release | — | — |
| coin3 | Not affected | Not affected | Not affected | Needs evaluation |
| matanza | Ignored | Ignored | Ignored | Needs evaluation |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vtk | Not in release | Not in release | — | — |
| smart | Not in release | Not in release | — | Needs evaluation |
| firefox | Not affected | Not affected | — | — |
| thunderbird | Not affected | Not affected | — | — |
| libxmltok | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to: * Bypass...
1 affected package
lighttpd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| lighttpd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
In Artifex GhostXPS before 10.06.0, there is a stack-based buffer overflow in xps_unpredict_tiff in xpstiff.c because the samplesperpixel value is not checked.
1 affected package
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | Not affected | Not affected | Not affected | Not affected |
In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocr_line8.
1 affected package
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | Fixed | Fixed | Not affected | Not affected |
Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value.
1 affected package
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | Fixed | Fixed | Fixed | Fixed |
Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c.
1 affected package
ghostscript
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ghostscript | Fixed | Fixed | Fixed | Fixed |
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
23 affected packages
expat, apache2, apr-util, tdom, cmake...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| expat | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| apache2 | Not affected | Not affected | Not affected | Not affected |
| apr-util | Not affected | Not affected | Not affected | Not affected |
| tdom | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| cmake | Not affected | Not affected | Not affected | Not affected |
| ghostscript | Not affected | Not affected | Not affected | Not affected |
| texlive-bin | Not affected | Not affected | Not affected | Not affected |
| xmlrpc-c | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| vnc4 | Not in release | Not in release | — | Needs evaluation |
| wbxml2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| swish-e | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| insighttoolkit4 | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| cadaver | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| gdcm | Not affected | Not affected | Not affected | Needs evaluation |
| ayttm | Not in release | Not in release | — | — |
| cableswig | Not in release | Not in release | — | — |
| coin3 | Not affected | Not affected | Not affected | Needs evaluation |
| matanza | Ignored | Ignored | Ignored | Needs evaluation |
| vtk | Not in release | Not in release | — | — |
| smart | Not in release | Not in release | — | Needs evaluation |
| firefox | Not affected | Not affected | — | — |
| thunderbird | Not affected | Not affected | — | — |
| libxmltok | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to...
5 affected packages
h2o, haproxy, lighttpd, varnish, dnsdist
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| h2o | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| haproxy | Not affected | Not affected | Not affected | Not affected |
| lighttpd | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| varnish | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| dnsdist | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |