Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ubuntu_linux
(Canonical)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-09-21 | CVE-2018-17294 | The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via out-of-bounds read) by crafting an input file with certain translation dictionaries. | Ubuntu_linux, Liblouis, Leap | 6.5 | ||
| 2018-09-16 | CVE-2018-17101 | An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. | Ubuntu_linux, Debian_linux, Libtiff | 8.8 | ||
| 2018-09-16 | CVE-2018-17100 | An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. | Ubuntu_linux, Debian_linux, Libtiff | 8.8 | ||
| 2018-09-13 | CVE-2018-17000 | A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a crafted tiff file. This vulnerability can be triggered by the executable tiffcp. | Ubuntu_linux, Debian_linux, Libtiff | 6.5 | ||
| 2018-11-26 | CVE-2018-16862 | A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one. | Ubuntu_linux, Debian_linux, Linux_kernel, Enterprise_linux | 5.5 | ||
| 2018-09-06 | CVE-2018-16642 | The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write. | Ubuntu_linux, Debian_linux, Imagemagick | 6.5 | ||
| 2018-09-06 | CVE-2018-16640 | ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c. | Ubuntu_linux, Imagemagick | 6.5 | ||
| 2018-09-02 | CVE-2018-16336 | Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999. | Ubuntu_linux, Debian_linux, Exiv2 | 6.5 | ||
| 2018-08-25 | CVE-2018-15858 | Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file. | Ubuntu_linux, Libxkbcommon, Xkbcommon | 5.5 | ||
| 2018-08-20 | CVE-2018-15572 | The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks. | Ubuntu_linux, Debian_linux, Linux_kernel | 6.5 |