Search CVE reports
Some fixes available 7 of 51
In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.
8 affected packages
dcraw, ufraw, darktable, exactimage, rawtherapee...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dcraw | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| ufraw | Not in release | Not in release | Not in release | Needs evaluation |
| darktable | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| exactimage | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| rawtherapee | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| libraw | Fixed | Fixed | Fixed | Fixed |
| kodi | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| digikam | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
Some fixes available 7 of 51
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.
8 affected packages
ufraw, darktable, exactimage, dcraw, rawtherapee...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ufraw | Not in release | Not in release | Not in release | Needs evaluation |
| darktable | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| exactimage | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| dcraw | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| rawtherapee | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| kodi | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| digikam | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| libraw | Fixed | Fixed | Fixed | Fixed |
Some fixes available 7 of 51
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.
8 affected packages
ufraw, darktable, exactimage, dcraw, rawtherapee...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ufraw | Not in release | Not in release | Not in release | Needs evaluation |
| darktable | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| exactimage | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| dcraw | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| rawtherapee | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| kodi | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| digikam | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| libraw | Fixed | Fixed | Fixed | Fixed |
Some fixes available 7 of 51
In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.
8 affected packages
dcraw, ufraw, darktable, exactimage, libraw...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dcraw | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| ufraw | Not in release | Not in release | Not in release | Needs evaluation |
| darktable | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| exactimage | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| libraw | Fixed | Fixed | Fixed | Fixed |
| rawtherapee | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| kodi | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| digikam | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allow denial of service via packet injection or crafted capture file
1 affected package
wireshark
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| wireshark | Vulnerable | Not affected | Not affected | Not affected |
libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive.
1 affected package
ark
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ark | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file
1 affected package
wireshark
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| wireshark | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file
1 affected package
wireshark
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| wireshark | Vulnerable | Not affected | Not affected | Not affected |
The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `v0.0.0-20240729232818-a2a9c4f`, which corresponds with...
1 affected package
golang-github-gomarkdown-markdown
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-gomarkdown-markdown | Needs evaluation | Not in release | Not in release | — |
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe...
1 affected package
node-markdown-to-jsx
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| node-markdown-to-jsx | Needs evaluation | Not in release | Not in release | — |