To know and do nothing, or to not know: which is worse

Just starting to integrate a Static Application Security Testing (SAST) system. I'm using Clair. And I thought I would start with something quite simple, something I wrote none of. Take 1 Ubuntu:18.04, add a dash of django, and... O No. Look at the list. (And before you make some comment about ubuntu or django, its all like this, I tried w/ debian, and w/ non python things... the lists are big).

Was I better in the 'ignorant but blissful' state earlier? This is my wiki, so the risk is, i guess, that someone uploads an image that is designed to trip one of these vulnerabilities, and then that goes through the other people on the team.

Now, imagemagick, you represent the bulk of these problems. Can I design you out somehow? Hmm.

So, any input from the peanut gallery, those who run SAST tools, do you just build a big 'ignore list' and turn away? or what?

What do you do with a huge list of security flaws found?

View Results

Loading ... Loading ...
featurename featureversion vulnerability namespace description link severity fixedby
sqlite3 3.22.0-1 CVE-2017-7000 ubuntu:18.04 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7000 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-13134 ubuntu:18.04 In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13134 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-13768 ubuntu:18.04 Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13768 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14531 ubuntu:18.04 ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14531 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-13769 ubuntu:18.04 The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13769 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-15277 ubuntu:18.04 ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15277 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14342 ubuntu:18.04 ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14342 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14625 ubuntu:18.04 ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14625 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14682 ubuntu:18.04 GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14682 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-16546 ubuntu:18.04 The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-16546 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14989 ubuntu:18.04 A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14989 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-15218 ubuntu:18.04 ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15218 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14624 ubuntu:18.04 ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14624 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14532 ubuntu:18.04 ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14532 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14326 ubuntu:18.04 In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14326 Medium
tiff 4.0.9-5 CVE-2017-17973 ubuntu:18.04 ** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17973 Medium
tiff 4.0.9-5 CVE-2018-5360 ubuntu:18.04 LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-5360 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-15217 ubuntu:18.04 ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15217 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14528 ubuntu:18.04 The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14528 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14505 ubuntu:18.04 DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14505 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-15281 ubuntu:18.04 ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to "Conditional jump or move depends on uninitialised value(s)." http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15281 Medium
hdf5 1.10.0-patch1+docs-4 CVE-2016-4330 ubuntu:18.04 In the HDF5 1.8.16 library's failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4330 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14400 ubuntu:18.04 In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in the function GetVirtualPixels in MagickCore/cache.c) via a crafted file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14400 Medium
hdf5 1.10.0-patch1+docs-4 CVE-2016-4331 ubuntu:18.04 When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4331 Medium
hdf5 1.10.0-patch1+docs-4 CVE-2016-4332 ubuntu:18.04 The library's failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren't supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4332 Medium
libwebp 0.6.1-2 CVE-2016-9085 ubuntu:18.04 Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9085 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14533 ubuntu:18.04 ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14533 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-12691 ubuntu:18.04 The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12691 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14324 ubuntu:18.04 In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14324 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-1000445 ubuntu:18.04 ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000445 Medium
heimdal 7.5.0+dfsg-1 CVE-2017-17439 ubuntu:18.04 In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17439 Medium
openjpeg2 2.3.0-1 CVE-2016-9675 ubuntu:18.04 openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9675 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14224 ubuntu:18.04 A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14224 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-17879 ubuntu:18.04 In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17879 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-12877 ubuntu:18.04 Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12877 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14325 ubuntu:18.04 In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14325 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14626 ubuntu:18.04 ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14626 Medium
glibc 2.27-3ubuntu1 CVE-2018-6551 ubuntu:18.04 The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6551 Medium
glibc 2.27-3ubuntu1 CVE-2017-8804 ubuntu:18.04 The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8804 Medium
glibc 2.27-3ubuntu1 CVE-2018-6485 ubuntu:18.04 An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6485 Medium
glibc 2.27-3ubuntu1 CVE-2017-17426 ubuntu:18.04 The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17426 Medium
procps 2:3.3.12-3ubuntu1 CVE-2018-1123 ubuntu:18.04 procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service). http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1123 Medium 2:3.3.12-3ubuntu1.1
procps 2:3.3.12-3ubuntu1 CVE-2018-1124 ubuntu:18.04 procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1124 Medium 2:3.3.12-3ubuntu1.1
openjpeg2 2.3.0-1 CVE-2017-14041 ubuntu:18.04 A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14041 Medium
procps 2:3.3.12-3ubuntu1 CVE-2018-1126 ubuntu:18.04 procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1126 Medium 2:3.3.12-3ubuntu1.1
openjpeg2 2.3.0-1 CVE-2017-12982 ubuntu:18.04 The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12982 Medium
openjpeg2 2.3.0-1 CVE-2016-9572 ubuntu:18.04 DoS vulnerability due to logic error http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9572 Medium
openjpeg2 2.3.0-1 CVE-2014-7945 ubuntu:18.04 OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, and t2.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7945 Medium
procps 2:3.3.12-3ubuntu1 CVE-2018-1122 ubuntu:18.04 procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1122 Medium 2:3.3.12-3ubuntu1.1
procps 2:3.3.12-3ubuntu1 CVE-2018-1125 ubuntu:18.04 procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1125 Medium 2:3.3.12-3ubuntu1.1
openjpeg2 2.3.0-1 CVE-2016-5159 ubuntu:18.04 Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-5159 Medium
openjpeg2 2.3.0-1 CVE-2016-9581 ubuntu:18.04 infinite loop in tiftoimage resulting into heap buffer overflow in convert_32s_C1P1 http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9581 Medium
openjpeg2 2.3.0-1 CVE-2016-9580 ubuntu:18.04 integer overflow in tiftoimage resulting into heap buffer overflow http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9580 Medium
openjpeg2 2.3.0-1 CVE-2016-10504 ubuntu:18.04 Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10504 Medium
openjpeg2 2.3.0-1 CVE-2017-14040 ubuntu:18.04 An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14040 Medium
openjpeg2 2.3.0-1 CVE-2017-14039 ubuntu:18.04 A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14039 Medium
openjpeg2 2.3.0-1 CVE-2014-7947 ubuntu:18.04 OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, pi.c, t1.c, t2.c, and tcd.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7947 Medium
openjpeg2 2.3.0-1 CVE-2016-5139 ubuntu:18.04 Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-5139 Medium
openjpeg2 2.3.0-1 CVE-2016-9573 ubuntu:18.04 DoS vulnerability due to logic error http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9573 Medium
openjpeg2 2.3.0-1 CVE-2016-5158 ubuntu:18.04 Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-5158 Medium
sqlite3 3.22.0-1 CVE-2017-13685 ubuntu:18.04 The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13685 Medium
sqlite3 3.22.0-1 CVE-2017-2520 ubuntu:18.04 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2520 Medium
sqlite3 3.22.0-1 CVE-2017-2513 ubuntu:18.04 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SQL statement. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2513 Medium
sqlite3 3.22.0-1 CVE-2017-2519 ubuntu:18.04 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SQL statement. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2519 Medium
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-1000476 ubuntu:18.04 ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000476 Low
gnupg2 2.2.4-1ubuntu1 CVE-2018-9234 ubuntu:18.04 GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-9234 Low
libjpeg-turbo 1.5.2-0ubuntu5 CVE-2017-15232 ubuntu:18.04 libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15232 Low
libjpeg-turbo 1.5.2-0ubuntu5 CVE-2017-9614 ubuntu:18.04 The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9614 Low
util-linux 2.31.1-0.4ubuntu3 CVE-2016-5011 ubuntu:18.04 The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-5011 Low
sqlite3 3.22.0-1 CVE-2017-2518 ubuntu:18.04 An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2518 Low
util-linux 2.31.1-0.4ubuntu3 CVE-2016-2779 ubuntu:18.04 runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2779 Low
openjpeg2 2.3.0-1 CVE-2016-7445 ubuntu:18.04 convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7445 Low
bzip2 1.0.6-8.1 CVE-2016-3189 ubuntu:18.04 Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-3189 Low
openjpeg2 2.3.0-1 CVE-2017-14164 ubuntu:18.04 A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14164 Low
libxdmcp 1:1.1.2-3 CVE-2017-2625 ubuntu:18.04 Weak entropy usage for session keys in libxdm http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2625 Low
vim 2:8.0.1453-1ubuntu1 CVE-2017-1000382 ubuntu:18.04 VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000382 Low
glibc 2.27-3ubuntu1 CVE-2017-1000408 ubuntu:18.04 A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000408 Low
git 1:2.17.0-1ubuntu1 CVE-2018-1000021 ubuntu:18.04 GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack). http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1000021 Low
glibc 2.27-3ubuntu1 CVE-2015-8985 ubuntu:18.04 The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8985 Low
glibc 2.27-3ubuntu1 CVE-2017-16997 ubuntu:18.04 elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-16997 Low
git 1:2.17.0-1ubuntu1 CVE-2017-15298 ubuntu:18.04 Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15298 Low
shadow 1:4.5-1ubuntu1 CVE-2013-4235 ubuntu:18.04 TOCTOU race conditions by copying and removing directory trees http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-4235 Low
glibc 2.27-3ubuntu1 CVE-2015-5180 ubuntu:18.04 res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-5180 Low
glibc 2.27-3ubuntu1 CVE-2017-15670 ubuntu:18.04 The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15670 Low
libxml2 2.9.4+dfsg1-6.1ubuntu1 CVE-2016-9318 ubuntu:18.04 libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9318 Low
glibc 2.27-3ubuntu1 CVE-2017-15804 ubuntu:18.04 The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15804 Low
glibc 2.27-3ubuntu1 CVE-2017-1000409 ubuntu:18.04 A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000409 Low
libxml2 2.9.4+dfsg1-6.1ubuntu1 CVE-2017-16932 ubuntu:18.04 parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-16932 Low
krb5 1.16-2build1 CVE-2017-11462 ubuntu:18.04 Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11462 Low
lcms2 2.9-1 CVE-2016-10165 ubuntu:18.04 The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10165 Low
libcroco 0.6.12-2 CVE-2017-7960 ubuntu:18.04 The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7960 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14173 ubuntu:18.04 In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large "max_value" value. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14173 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-17886 ubuntu:18.04 In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17886 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-12418 ubuntu:18.04 ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12418 Low
libcroco 0.6.12-2 CVE-2017-7961 ubuntu:18.04 ** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. NOTE: third-party analysis reports "This is not a security issue in my view. The conversion surely is truncating the double into a long value, but there is no impact as the value is one of the RGB components." http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7961 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-17887 ubuntu:18.04 In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17887 Low
libcroco 0.6.12-2 CVE-2017-8834 ubuntu:18.04 The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8834 Low
libcroco 0.6.12-2 CVE-2017-8871 ubuntu:18.04 The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8871 Low
libx11 2:1.6.4-3 CVE-2016-7943 ubuntu:18.04 The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7943 Low
libx11 2:1.6.4-3 CVE-2016-7942 ubuntu:18.04 The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7942 Low
libexif 0.6.21-4 CVE-2016-6328 ubuntu:18.04 Integer overflow in parsing MNOTE entry data of the input file http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-6328 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14172 ubuntu:18.04 In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14172 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-12674 ubuntu:18.04 In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12674 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-12140 ubuntu:18.04 The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12140 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-11755 ubuntu:18.04 The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11755 Low
shadow 1:4.5-1ubuntu1 CVE-2018-7169 ubuntu:18.04 An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-7169 Low
glib2.0 2.56.1-2ubuntu1 CVE-2012-0039 ubuntu:18.04 ** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2012-0039 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-18008 ubuntu:18.04 In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-18008 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2018-6405 ubuntu:18.04 In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6405 Low
hdf5 1.10.0-patch1+docs-4 CVE-2016-4333 ubuntu:18.04 The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the array when initializing it. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4333 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14343 ubuntu:18.04 ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14343 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-17934 ubuntu:18.04 ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17934 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-15016 ubuntu:18.04 ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15016 Low
libexif 0.6.21-4 CVE-2017-7544 ubuntu:18.04 libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7544 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14741 ubuntu:18.04 The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14741 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14174 ubuntu:18.04 In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "length" field in the header but does not contain sufficient backing data, is provided, the loop over "length" would consume huge CPU resources, since there is no EOF check inside the loop. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14174 Low
openexr 2.2.0-11.1ubuntu1 CVE-2017-9112 ubuntu:18.04 In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9112 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14739 ubuntu:18.04 The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14739 Low
openexr 2.2.0-11.1ubuntu1 CVE-2017-9116 ubuntu:18.04 In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9116 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-17882 ubuntu:18.04 In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17882 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-13131 ubuntu:18.04 In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList in MagickCore/linked-list.c) via a crafted file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13131 Low
gdk-pixbuf 2.36.11-2 CVE-2017-6313 ubuntu:18.04 Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6313 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14060 ubuntu:18.04 In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14060 Low
tiff 4.0.9-5 CVE-2017-17942 ubuntu:18.04 In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17942 Low
tiff 4.0.9-5 CVE-2018-8905 ubuntu:18.04 In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-8905 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-12692 ubuntu:18.04 The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12692 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-12644 ubuntu:18.04 ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12644 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-13133 ubuntu:18.04 In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13133 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14175 ubuntu:18.04 In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14175 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2018-5247 ubuntu:18.04 In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-5247 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2018-5248 ubuntu:18.04 In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-5248 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-17885 ubuntu:18.04 In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17885 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-12433 ubuntu:18.04 In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in memory.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12433 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-13062 ubuntu:18.04 In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13062 Low
tiff 4.0.9-5 CVE-2018-7456 ubuntu:18.04 A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.) http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-7456 Low
cairo 1.15.10-2 CVE-2017-9814 ubuntu:18.04 cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9814 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14137 ubuntu:18.04 ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14137 Low
cairo 1.15.10-2 CVE-2017-7475 ubuntu:18.04 Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7475 Low
libxrender 1:0.9.10-1 CVE-2016-7949 ubuntu:18.04 Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7949 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-18022 ubuntu:18.04 In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-18022 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-15033 ubuntu:18.04 ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15033 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-13059 ubuntu:18.04 In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in coders/png.c, which allows attackers to cause a denial of service (WriteJNGImage memory consumption) via a crafted file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13059 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-13061 ubuntu:18.04 In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13061 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-13060 ubuntu:18.04 In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13060 Low
libxrender 1:0.9.10-1 CVE-2016-7950 ubuntu:18.04 The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7950 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-13058 ubuntu:18.04 In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13058 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-12693 ubuntu:18.04 The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12693 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14684 ubuntu:18.04 In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14684 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-17883 ubuntu:18.04 In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17883 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-11754 ubuntu:18.04 The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11754 Low
openldap 2.4.45+dfsg-1ubuntu1 CVE-2017-14159 ubuntu:18.04 slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14159 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14607 ubuntu:18.04 In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14607 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-12875 ubuntu:18.04 The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12875 Low
gdk-pixbuf 2.36.11-2 CVE-2017-6312 ubuntu:18.04 Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6312 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14249 ubuntu:18.04 ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14249 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-17914 ubuntu:18.04 In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17914 Low
coreutils 8.28-1ubuntu1 CVE-2016-2781 ubuntu:18.04 chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-17881 ubuntu:18.04 In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17881 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2018-5246 ubuntu:18.04 In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-5246 Low
openexr 2.2.0-11.1ubuntu1 CVE-2017-14988 ubuntu:18.04 Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14988 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-15017 ubuntu:18.04 ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15017 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-15015 ubuntu:18.04 ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15015 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-17884 ubuntu:18.04 In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17884 Low
openexr 2.2.0-11.1ubuntu1 CVE-2017-9110 ubuntu:18.04 In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9110 Low
nss 2:3.35-2ubuntu2 CVE-2017-11695 ubuntu:18.04 Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11695 Low
nss 2:3.35-2ubuntu2 CVE-2017-11698 ubuntu:18.04 Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11698 Low
nss 2:3.35-2ubuntu2 CVE-2017-11697 ubuntu:18.04 The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11697 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14341 ubuntu:18.04 ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14341 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-15032 ubuntu:18.04 ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15032 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-12983 ubuntu:18.04 Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12983 Low
nss 2:3.35-2ubuntu2 CVE-2017-11696 ubuntu:18.04 Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11696 Low
openssl 1.1.0g-2ubuntu4 CVE-2018-0737 ubuntu:18.04 The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o). http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-0737 Low
gdk-pixbuf 2.36.11-2 CVE-2017-6314 ubuntu:18.04 The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6314 Low
openexr 2.2.0-11.1ubuntu1 CVE-2017-12596 ubuntu:18.04 In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12596 Low
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-13758 ubuntu:18.04 In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13758 Negligible
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14139 ubuntu:18.04 ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14139 Negligible
glibc 2.27-3ubuntu1 CVE-2016-10228 ubuntu:18.04 The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10228 Negligible
ncurses 6.1-1ubuntu1 CVE-2017-13732 ubuntu:18.04 There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13732 Negligible
ncurses 6.1-1ubuntu1 CVE-2017-13731 ubuntu:18.04 There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13731 Negligible
ncurses 6.1-1ubuntu1 CVE-2017-11112 ubuntu:18.04 In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11112 Negligible
ncurses 6.1-1ubuntu1 CVE-2017-11113 ubuntu:18.04 In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11113 Negligible
ncurses 6.1-1ubuntu1 CVE-2017-10685 ubuntu:18.04 In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-10685 Negligible
ncurses 6.1-1ubuntu1 CVE-2017-13729 ubuntu:18.04 There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13729 Negligible
ncurses 6.1-1ubuntu1 CVE-2017-13728 ubuntu:18.04 There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13728 Negligible
ncurses 6.1-1ubuntu1 CVE-2017-10684 ubuntu:18.04 In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-10684 Negligible
ncurses 6.1-1ubuntu1 CVE-2017-13733 ubuntu:18.04 There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13733 Negligible
ncurses 6.1-1ubuntu1 CVE-2017-13734 ubuntu:18.04 There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13734 Negligible
ncurses 6.1-1ubuntu1 CVE-2017-13730 ubuntu:18.04 There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13730 Negligible
jbigkit 2.1-3.1build1 CVE-2017-9937 ubuntu:18.04 In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9937 Negligible
dpkg 1.19.0.5ubuntu2 CVE-2017-8283 ubuntu:18.04 dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8283 Negligible
tiff 4.0.9-5 CVE-2017-16232 ubuntu:18.04 memory-based DoS in tiff2bw http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-16232 Negligible
tiff 4.0.9-5 CVE-2015-7313 ubuntu:18.04 LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-7313 Negligible
pcre3 2:8.39-9 CVE-2017-7245 ubuntu:18.04 Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7245 Negligible
pcre3 2:8.39-9 CVE-2017-7246 ubuntu:18.04 Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7246 Negligible
imagemagick 8:6.9.7.4+dfsg-16ubuntu6 CVE-2017-14138 ubuntu:18.04 ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors. http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14138 Negligible

Leave a Reply

Your email address will not be published. Required fields are marked *

*