Search CVE reports
341 – 350 of 43898 results
ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the FTXT encoder due to missing boundary checks when parsing ftxt:format. Remote attackers can trigger an out of bounds read by crafting malicious FTXT...
1 affected package
imagemagick
| Package | 22.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk...
1 affected package
imagemagick
| Package | 22.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcman_channel_close and dvcman_call_on_receive due to improper synchronization of channel_callback access. A malicious RDP server can trigger a race condition by...
3 affected packages
freerdp, freerdp2, freerdp3
| Package | 22.04 LTS |
|---|---|
| freerdp | Not in release |
| freerdp2 | Needs evaluation |
| freerdp3 | Not in release |
Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block...
1 affected package
libimager-perl
| Package | 22.04 LTS |
|---|---|
| libimager-perl | Needs evaluation |
A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password verification function uses standard memcmp() for comparing password hashes instead of a constant-time comparison function. A remote attacker could potentially...
1 affected package
389-ds-base
| Package | 22.04 LTS |
|---|---|
| 389-ds-base | Needs evaluation |
A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties() before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to...
2 affected packages
libxfont, libxfont2
| Package | 22.04 LTS |
|---|---|
| libxfont | Needs evaluation |
| libxfont2 | Not in release |
A heap bufferflow in pcfReadFont() due to missing glyph bounds checking in libXfont2 before 2.0.8 allows attackers authenticated as X client to execute code within the X server.
2 affected packages
libxfont, libxfont2
| Package | 22.04 LTS |
|---|---|
| libxfont | Needs evaluation |
| libxfont2 | Not in release |
A heap buffer overflow in BitmapScaleBitmaps in libXfont2 before 2.0.8 due to an overflowing 32bit size could be used by attackers able to access the X Server to execute code within the X server cont
2 affected packages
libxfont, libxfont2
| Package | 22.04 LTS |
|---|---|
| libxfont | Needs evaluation |
| libxfont2 | Not in release |
Local attackers with a X connection able to provide GLX commit to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a Heap Use After Free, due to CommonMakeCurrent() pointing into...
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 22.04 LTS |
|---|---|
| xorg | Not affected |
| xorg-server | Needs evaluation |
| xwayland | Needs evaluation |
| xorg-server-hwe-16.04 | Not in release |
| xorg-server-hwe-18.04 | Not in release |
| xorg-hwe-16.04 | Not in release |
| xorg-hwe-18.04 | Not in release |
Local attackers with a X connection able to provide PCX fonts to the X server xorg-server before 21.2.24 and xwayland before 24.1.13 could cause a heap buffer overflow via SetFont due to missing glyph boundary checks.
7 affected packages
xorg, xorg-server, xwayland, xorg-server-hwe-16.04, xorg-server-hwe-18.04...
| Package | 22.04 LTS |
|---|---|
| xorg | Not affected |
| xorg-server | Needs evaluation |
| xwayland | Needs evaluation |
| xorg-server-hwe-16.04 | Not in release |
| xorg-server-hwe-18.04 | Not in release |
| xorg-hwe-16.04 | Not in release |
| xorg-hwe-18.04 | Not in release |