Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

11 – 20 of 74 results


CVE-2020-27841

Low priority

Some fixes available 14 of 25

There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact...

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Fixed Fixed
insighttoolkit4 Not in release Not affected Not affected Not affected Not affected
openjpeg Not in release Not in release Not in release Not in release Not affected
openjpeg2 Fixed Fixed Fixed Fixed Fixed
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
texmaker Not affected Not affected Not affected Not affected Not affected
Show all 7 packages Show less packages

CVE-2020-27824

Medium priority

Some fixes available 15 of 60

A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this...

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ghostscript Not affected Not affected Not affected Fixed Fixed
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openjpeg Not in release Not in release Not in release Not in release Fixed
openjpeg2 Fixed Fixed Fixed Fixed Fixed
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 7 packages Show less packages

CVE-2020-27823

Medium priority

Some fixes available 12 of 56

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as...

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openjpeg Not in release Not in release Not in release Not in release Not affected
openjpeg2 Fixed Fixed Fixed Fixed Fixed
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 7 packages Show less packages

CVE-2020-27814

Medium priority

Some fixes available 14 of 24

A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running...

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Fixed Fixed
insighttoolkit4 Not in release Not affected Not affected Not affected Not affected
openjpeg Not in release Not in release Not in release Not in release Not affected
openjpeg2 Fixed Fixed Fixed Fixed Fixed
qtwebengine-opensource-src Vulnerable Vulnerable Vulnerable Not affected Not in release
texmaker Not affected Not affected Not affected Not affected Not affected
Show all 7 packages Show less packages

CVE-2020-15389

Low priority
Fixed

jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible....

3 affected packages

ghostscript, openjpeg, openjpeg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ghostscript Not affected Not affected Not affected Not affected
openjpeg Not in release Not in release Not in release Not affected
openjpeg2 Fixed Fixed Fixed Fixed
Show less packages

CVE-2016-3182

High priority
Ignored

The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file.

2 affected packages

openjpeg, openjpeg2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openjpeg Not in release Ignored
openjpeg2 Not affected
Show less packages

CVE-2020-8112

Medium priority

Some fixes available 14 of 63

opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ghostscript Not affected Not affected Not affected Fixed Fixed
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openjpeg Not in release Not in release Not in release Not in release Not affected
openjpeg2 Fixed Fixed Fixed Fixed Fixed
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 7 packages Show less packages

CVE-2020-6851

Medium priority

Some fixes available 14 of 68

OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.

7 affected packages

blender, ghostscript, insighttoolkit4, openjpeg, openjpeg2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ghostscript Not affected Not affected Not affected Fixed Fixed
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openjpeg Not in release Not in release Not in release Not in release Not affected
openjpeg2 Fixed Fixed Fixed Fixed Fixed
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 7 packages Show less packages

CVE-2019-17546

Medium priority

Some fixes available 5 of 56

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param"...

17 affected packages

blender, chromium-browser, gdal, insighttoolkit4, ivtools...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Not affected Not affected Not affected Not affected Not affected
chromium-browser Not affected Not affected Not affected Not affected Not affected
gdal Not affected Not affected Not affected Not affected Vulnerable
insighttoolkit4 Not in release Not affected Not affected Not affected Not affected
ivtools Not affected Not affected Not affected Not affected Not affected
libtk-img Not affected Not affected Not affected Not affected Not affected
neuron Not affected Needs evaluation Needs evaluation Needs evaluation Not in release
openjpeg2 Not affected Not affected Not affected Not affected Not affected
paraview Not affected Not affected Not affected Not affected Not affected
povray Not affected Not affected Not affected Not affected Not affected
qt4-x11 Not in release Not in release Not in release Not affected Not affected
qtimageformats-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
sfftobmp Not affected Not affected Not affected Not affected Not affected
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not affected
tiff Not affected Not affected Not affected Fixed Fixed
xloadimage Not affected Not affected Not affected Not affected Not affected
Show all 17 packages Show less packages

CVE-2018-21010

Medium priority

Some fixes available 2 of 58

OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.

8 affected packages

blender, gdcm, ghostscript, insighttoolkit4, openjpeg...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
blender Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit4 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
openjpeg Not in release Not in release Not in release Not in release Ignored
openjpeg2 Not affected Not affected Not affected Fixed Fixed
qtwebengine-opensource-src Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
texmaker Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 8 packages Show less packages