Search CVE reports


Toggle filters

11 – 20 of 224 results


CVE-2023-39329

Medium priority
Vulnerable

A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service.

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ghostscript Not affected Not affected Not affected Needs evaluation Needs evaluation
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openjpeg Not in release Not in release Not in release Needs evaluation
openjpeg2 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 7 packages Show less packages

CVE-2023-39327

Medium priority

Some fixes available 6 of 35

A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ghostscript Not affected Not affected Not affected Needs evaluation Needs evaluation
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openjpeg Not in release Not in release Not in release Needs evaluation
openjpeg2 Fixed Fixed Fixed Fixed Fixed
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 7 packages Show less packages

CVE-2023-39328

Medium priority
Vulnerable

A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file.

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ghostscript Not affected Not affected Not affected Needs evaluation Needs evaluation
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openjpeg Not in release Not in release Not in release Needs evaluation
openjpeg2 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 7 packages Show less packages

CVE-2024-29511

Medium priority

Some fixes available 2 of 3

Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation...

1 affected package

ghostscript

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript Fixed Fixed Not affected Not affected Not affected
Show less packages

CVE-2024-29507

Medium priority

Some fixes available 1 of 2

Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.

1 affected package

ghostscript

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript Fixed Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-29509

Medium priority

Some fixes available 2 of 3

Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle.

1 affected package

ghostscript

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript Fixed Fixed Not affected Not affected Not affected
Show less packages

CVE-2024-29508

Medium priority

Some fixes available 4 of 7

Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.

1 affected package

ghostscript

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript Fixed Fixed Fixed Needs evaluation Needs evaluation
Show less packages

CVE-2024-29506

Medium priority

Some fixes available 2 of 3

Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name.

1 affected package

ghostscript

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript Fixed Fixed Not affected Not affected Not affected
Show less packages

CVE-2024-33871

Medium priority

Some fixes available 5 of 7

An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver...

1 affected package

ghostscript

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript Fixed Fixed Fixed Needs evaluation Needs evaluation
Show less packages

CVE-2024-33870

Medium priority

Some fixes available 5 of 7

An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a...

1 affected package

ghostscript

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript Fixed Fixed Fixed Needs evaluation Needs evaluation
Show less packages