Search CVE reports
351 – 360 of 41351 results
Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree...
2 affected packages
eglibc, glibc
| Package | 18.04 LTS |
|---|---|
| eglibc | — |
| glibc | Fixed |
node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the `path-reservations` system. On case-insensitive...
1 affected package
node-tar
| Package | 18.04 LTS |
|---|---|
| node-tar | Needs evaluation |
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an...
1 affected package
imagemagick
| Package | 18.04 LTS |
|---|---|
| imagemagick | Vulnerable |
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a stack overflow via infinite recursion in MSL (Magick Scripting Language) `<write>` command when...
1 affected package
imagemagick
| Package | 18.04 LTS |
|---|---|
| imagemagick | Needs evaluation |
ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the...
1 affected package
imagemagick
| Package | 18.04 LTS |
|---|---|
| imagemagick | Not affected |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves `gdi->drawing` pointing to freed memory, causing UAF when related update packets arrive. A malicious server...
3 affected packages
freerdp, freerdp2, freerdp3
| Package | 18.04 LTS |
|---|---|
| freerdp | Needs evaluation |
| freerdp2 | Ignored |
| freerdp3 | — |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `xf_Pointer_New` frees `cursorPixels` on failure, then `pointer_free` calls `xf_Pointer_Free` and frees it again, triggering ASan UAF. A...
3 affected packages
freerdp, freerdp2, freerdp3
| Package | 18.04 LTS |
|---|---|
| freerdp | Needs evaluation |
| freerdp2 | Ignored |
| freerdp3 | — |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing trusts `cbData`/remaining length and never validates against the minimum size implied by `cx/cy`. A malicious server can...
3 affected packages
freerdp, freerdp2, freerdp3
| Package | 18.04 LTS |
|---|---|
| freerdp | Needs evaluation |
| freerdp2 | Ignored |
| freerdp3 | — |
Some fixes available 1 of 2
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode path when crafted band coordinates allow writes past the end of the...
3 affected packages
freerdp, freerdp2, freerdp3
| Package | 18.04 LTS |
|---|---|
| freerdp | Needs evaluation |
| freerdp2 | Fixed |
| freerdp3 | — |
Some fixes available 1 of 2
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode path when maliciously crafted residual data causes out-of-bounds...
3 affected packages
freerdp, freerdp2, freerdp3
| Package | 18.04 LTS |
|---|---|
| freerdp | Needs evaluation |
| freerdp2 | Fixed |
| freerdp3 | — |