Search CVE reports
Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacker can...
1 affected package
node-marked
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| node-marked | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
Some fixes available: 3 of 5
league/commonmark is a PHP Markdown parser. A cross-site scripting (XSS) vulnerability in the Attributes extension of the league/commonmark library (versions 1.5.0 through 2.6.x) allows remote attackers to insert...
1 affected package
php-league-commonmark
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| php-league-commonmark | Not affected | Fixed | Fixed | Fixed | — |
Some fixes available: 7 of 57
In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.
8 affected packages
dcraw, ufraw, darktable, exactimage, rawtherapee...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| ufraw | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| exactimage | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| libraw | Not affected | Fixed | Fixed | Fixed | Fixed |
| kodi | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| digikam | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
Some fixes available: 7 of 57
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.
8 affected packages
ufraw, darktable, exactimage, dcraw, rawtherapee...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ufraw | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| exactimage | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| kodi | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| digikam | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| libraw | Not affected | Fixed | Fixed | Fixed | Fixed |
Some fixes available: 7 of 57
In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.
8 affected packages
ufraw, darktable, exactimage, dcraw, rawtherapee...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ufraw | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| exactimage | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| kodi | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| digikam | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| libraw | Not affected | Fixed | Fixed | Fixed | Fixed |
Some fixes available: 7 of 57
In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.
8 affected packages
dcraw, ufraw, darktable, exactimage, libraw...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| dcraw | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| ufraw | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| darktable | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| exactimage | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| libraw | Not affected | Fixed | Fixed | Fixed | Fixed |
| rawtherapee | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| kodi | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
| digikam | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allow denial of service via packet injection or a crafted capture file.
1 affected package
wireshark
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| wireshark | Not affected | Vulnerable | Not affected | Not affected | Not affected |
libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive.
1 affected package
ark
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| ark | Not affected | Needs evaluation | Needs evaluation | Ignored | Needs evaluation |
An ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or a crafted capture file.
1 affected package
wireshark
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| wireshark | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
A FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or a crafted capture file.
1 affected package
wireshark
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| wireshark | Not affected | Vulnerable | Not affected | Not affected | Not affected |