Search CVE reports
CVE-2025-43973
Medium priority
An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.
1 affected package
gobgp
Package | 20.04 LTS |
---|---|
gobgp | Needs evaluation |
CVE-2025-43972
Medium priority
An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.
1 affected package
gobgp
Package | 20.04 LTS |
---|---|
gobgp | Needs evaluation |
CVE-2025-43971
Medium priority
An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.
1 affected package
gobgp
Package | 20.04 LTS |
---|---|
gobgp | Needs evaluation |
CVE-2025-43970
Medium priority
An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family).
1 affected package
gobgp
Package | 20.04 LTS |
---|---|
gobgp | Needs evaluation |
CVE-2025-43967
Medium priority
libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.
1 affected package
libheif
Package | 20.04 LTS |
---|---|
libheif | Needs evaluation |
CVE-2025-43966
Medium priority
libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.
1 affected package
libheif
Package | 20.04 LTS |
---|---|
libheif | Needs evaluation |
CVE-2025-43964
Medium priority
In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.
8 affected packages
darktable, dcraw, digikam, exactimage, kodi...
Package | 20.04 LTS |
---|---|
darktable | Needs evaluation |
dcraw | Needs evaluation |
digikam | Needs evaluation |
exactimage | Needs evaluation |
kodi | Needs evaluation |
libraw | Needs evaluation |
rawtherapee | Needs evaluation |
ufraw | Not in release |
CVE-2025-43963
Medium priority
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.
8 affected packages
darktable, dcraw, digikam, exactimage, kodi...
Package | 20.04 LTS |
---|---|
darktable | Needs evaluation |
dcraw | Needs evaluation |
digikam | Needs evaluation |
exactimage | Needs evaluation |
kodi | Needs evaluation |
libraw | Needs evaluation |
rawtherapee | Needs evaluation |
ufraw | Not in release |
CVE-2025-43962
Medium priority
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.
8 affected packages
darktable, dcraw, digikam, exactimage, kodi...
Package | 20.04 LTS |
---|---|
darktable | Needs evaluation |
dcraw | Needs evaluation |
digikam | Needs evaluation |
exactimage | Needs evaluation |
kodi | Needs evaluation |
libraw | Needs evaluation |
rawtherapee | Needs evaluation |
ufraw | Not in release |
CVE-2025-43961
Medium priority
In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.
8 affected packages
darktable, dcraw, digikam, exactimage, kodi...
Package | 20.04 LTS |
---|---|
darktable | Needs evaluation |
dcraw | Needs evaluation |
digikam | Needs evaluation |
exactimage | Needs evaluation |
kodi | Needs evaluation |
libraw | Needs evaluation |
rawtherapee | Needs evaluation |
ufraw | Not in release |