Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-09-07 | CVE-2017-14173 | In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large "max_value" value. | Ubuntu_linux, Debian_linux, Imagemagick | 6.5 | ||
| 2017-09-07 | CVE-2017-14172 | In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop. | Ubuntu_linux, Debian_linux, Imagemagick | 6.5 | ||
| 2017-08-23 | CVE-2017-13145 | In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash. | Ubuntu_linux, Debian_linux, Imagemagick | 6.5 | ||
| 2017-08-23 | CVE-2017-13139 | In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGImage function in coders/png.c has an out-of-bounds read with the MNG CLIP chunk. | Ubuntu_linux, Debian_linux, Imagemagick | 9.8 | ||
| 2016-04-13 | CVE-2015-8806 | dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document. | Ubuntu_linux, Debian_linux, Libxml2 | N/A | ||
| 2020-05-09 | CVE-2019-20795 | iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability. | Ubuntu_linux, Iproute2 | N/A | ||
| 2018-10-09 | CVE-2018-17958 | Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used. | Ubuntu_linux, Debian_linux, Qemu, Virtualization, Virtualization_manager | N/A | ||
| 2018-08-16 | CVE-2018-14567 | libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. | Ubuntu_linux, Debian_linux, Libxml2 | 6.5 | ||
| 2018-07-19 | CVE-2018-14404 | A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. | Ubuntu_linux, Debian_linux, Libxml2 | 7.5 | ||
| 2017-11-17 | CVE-2017-16845 | hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. | Ubuntu_linux, Debian_linux, Qemu | N/A |