Search CVE reports
391 – 400 of 465 results
Some fixes available 35 of 78
Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.
11 affected packages
gpdf, xpdf, ipe, kdegraphics, koffice...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gpdf | — | Not in release | Not in release | Not in release |
| xpdf | — | Not affected | Not in release | Not affected |
| ipe | — | Not affected | Not affected | Not affected |
| kdegraphics | — | Not in release | Not in release | Not in release |
| koffice | — | Not in release | Not in release | Not in release |
| libextractor | — | Not affected | Not affected | Not affected |
| pdfkit.framework | — | Not in release | Not in release | Not in release |
| pdftohtml | — | Not in release | Not in release | Not in release |
| poppler | — | Fixed | Fixed | Fixed |
| tetex-bin | — | Not in release | Not in release | Not in release |
| texlive-bin | — | Not affected | Not affected | Not affected |
Some fixes available 35 of 78
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.
14 affected packages
kdegraphics, gpdf, cupsys, cups, evince...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kdegraphics | — | Not in release | Not in release | Not in release |
| gpdf | — | Not in release | Not in release | Not in release |
| cupsys | — | Not in release | Not in release | Not in release |
| cups | — | Not affected | Not affected | Not affected |
| evince | — | Not affected | Not affected | Not affected |
| ipe | — | Not affected | Not affected | Not affected |
| koffice | — | Not in release | Not in release | Not in release |
| libextractor | — | Not affected | Not affected | Not affected |
| pdfkit.framework | — | Not in release | Not in release | Not in release |
| pdftohtml | — | Not in release | Not in release | Not in release |
| poppler | — | Fixed | Fixed | Fixed |
| tetex-bin | — | Not in release | Not in release | Not in release |
| texlive-bin | — | Not affected | Not affected | Not affected |
| xpdf | — | Not affected | Not in release | Not affected |
Some fixes available 2 of 37
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."
11 affected packages
gpdf, xpdf, ipe, kdegraphics, koffice...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gpdf | — | Not in release | Not in release | Not in release |
| xpdf | — | Not affected | Not in release | Not affected |
| ipe | — | Not affected | Not affected | Not affected |
| kdegraphics | — | Not in release | Not in release | Not in release |
| koffice | — | Not in release | Not in release | Not in release |
| libextractor | — | Not affected | Not affected | Not affected |
| pdfkit.framework | — | Not in release | Not in release | Not in release |
| pdftohtml | — | Not in release | Not in release | Not in release |
| poppler | — | Not affected | Not affected | Not affected |
| tetex-bin | — | Not in release | Not in release | Not in release |
| texlive-bin | — | Not affected | Not affected | Not affected |
Some fixes available 21 of 58
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to...
14 affected packages
gpdf, cups, cupsys, evince, ipe...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gpdf | — | — | — | — |
| cups | — | — | — | — |
| cupsys | — | — | — | — |
| evince | — | — | — | — |
| ipe | — | — | — | — |
| kdegraphics | — | — | — | — |
| koffice | — | — | — | — |
| libextractor | — | — | — | — |
| pdfkit.framework | — | — | — | — |
| pdftohtml | — | — | — | — |
| poppler | — | — | — | — |
| tetex-bin | — | — | — | — |
| texlive-bin | — | — | — | — |
| xpdf | — | — | — | — |
Some fixes available 21 of 51
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to...
14 affected packages
gpdf, cups, evince, poppler, texlive-bin...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gpdf | — | — | — | — |
| cups | — | — | — | — |
| evince | — | — | — | — |
| poppler | — | — | — | — |
| texlive-bin | — | — | — | — |
| xpdf | — | — | — | — |
| cupsys | — | — | — | — |
| ipe | — | — | — | — |
| kdegraphics | — | — | — | — |
| koffice | — | — | — | — |
| libextractor | — | — | — | — |
| pdfkit.framework | — | — | — | — |
| pdftohtml | — | — | — | — |
| tetex-bin | — | — | — | — |
Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action.
1 affected package
torrentflux
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| torrentflux | — | — | — | — |
html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and can be...
1 affected package
torrentflux
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| torrentflux | — | — | — | — |
TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote...
1 affected package
tork
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tork | — | — | — | — |
Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," as demonstrated using 192.168.0.
1 affected package
tor
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tor | — | — | — | — |
Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service (exit node crash) via "malformed input."
1 affected package
tor
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| tor | — | — | — | — |