To know and do nothing, or to not know: which is worse

Just starting to integrate a Static Application Security Testing (SAST) system. I’m using Clair. And I thought I would start with something quite simple, something I wrote none of. Take 1 Ubuntu:18.04, add a dash of django, and… O No. Look at the list. (And before you make some comment about ubuntu or django, its all like this, I tried w/ debian, and w/ non python things… the lists are big).

Was I better in the ‘ignorant but blissful’ state earlier? This is my wiki, so the risk is, i guess, that someone uploads an image that is designed to trip one of these vulnerabilities, and then that goes through the other people on the team.

Now, imagemagick, you represent the bulk of these problems. Can I design you out somehow? Hmm.

So, any input from the peanut gallery, those who run SAST tools, do you just build a big ‘ignore list’ and turn away? or what?

What do you do with a huge list of security flaws found?

View Results

Loading ... Loading …
featurenamefeatureversionvulnerabilitynamespacedescriptionlinkseverityfixedby
sqlite33.22.0-1CVE-2017-7000ubuntu:18.04An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the “SQLite” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7000Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-13134ubuntu:18.04In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer over-read was found in the function SFWScan in coders/sfw.c, which allows attackers to cause a denial of service via a crafted file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13134Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-13768ubuntu:18.04Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13768Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14531ubuntu:18.04ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in coders/sun.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14531Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-13769ubuntu:18.04The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick through 7.0.6-10 allows an attacker to cause a denial of service (buffer over-read) by sending a crafted JPEG file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13769Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-15277ubuntu:18.04ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick 1.3.26 leaves the palette uninitialized when processing a GIF file that has neither a global nor local palette. If the affected product is used as a library loaded into a process that operates on interesting data, this data sometimes can be leaked via the uninitialized palette.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15277Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14342ubuntu:18.04ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGImage in coders/wpg.c via a crafted wpg image file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14342Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14625ubuntu:18.04ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_output_create in coders/sixel.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14625Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14682ubuntu:18.04GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted SVG document, a different vulnerability than CVE-2017-10928.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14682Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-16546ubuntu:18.04The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does not properly validate the colormap index in a WPG palette, which allows remote attackers to cause a denial of service (use of uninitialized data or invalid memory allocation) or possibly have unspecified other impact via a malformed WPG file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-16546Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14989ubuntu:18.04A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14989Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-15218ubuntu:18.04ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15218Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14624ubuntu:18.04ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14624Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14532ubuntu:18.04ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in coders/tiff.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14532Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14326ubuntu:18.04In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14326Medium
tiff4.0.9-5CVE-2017-17973ubuntu:18.04** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17973Medium
tiff4.0.9-5CVE-2018-5360ubuntu:18.04LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-5360Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-15217ubuntu:18.04ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15217Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14528ubuntu:18.04The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14528Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14505ubuntu:18.04DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 mishandles certain NULL arrays, which allows attackers to perform Denial of Service (NULL pointer dereference and application crash in AcquireQuantumMemory within MagickCore/memory.c) by providing a crafted Image File as input.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14505Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-15281ubuntu:18.04ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to “Conditional jump or move depends on uninitialised value(s).”http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15281Medium
hdf51.10.0-patch1+docs-4CVE-2016-4330ubuntu:18.04In the HDF5 1.8.16 library’s failure to check if the number of dimensions for an array read from the file is within the bounds of the space allocated for it, a heap-based buffer overflow will occur, potentially leading to arbitrary code execution.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4330Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14400ubuntu:18.04In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in the function GetVirtualPixels in MagickCore/cache.c) via a crafted file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14400Medium
hdf51.10.0-patch1+docs-4CVE-2016-4331ubuntu:18.04When decoding data out of a dataset encoded with the H5Z_NBIT decoding, the HDF5 1.8.16 library will fail to ensure that the precision is within the bounds of the size leading to arbitrary code execution.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4331Medium
hdf51.10.0-patch1+docs-4CVE-2016-4332ubuntu:18.04The library’s failure to check if certain message types support a particular flag, the HDF5 1.8.16 library will cast the structure to an alternative structure and then assign to fields that aren’t supported by the message type and the library will write outside the bounds of the heap buffer. This can lead to code execution under the context of the library.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4332Medium
libwebp0.6.1-2CVE-2016-9085ubuntu:18.04Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9085Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14533ubuntu:18.04ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14533Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-12691ubuntu:18.04The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12691Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14324ubuntu:18.04In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14324Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-1000445ubuntu:18.04ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of servicehttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000445Medium
heimdal7.5.0+dfsg-1CVE-2017-17439ubuntu:18.04In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to the _kdc_as_rep function in kdc/kerberos5.c and the der_length_visible_string function in lib/asn1/der_length.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17439Medium
openjpeg22.3.0-1CVE-2016-9675ubuntu:18.04openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9675Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14224ubuntu:18.04A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service or code execution via a crafted file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14224Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-17879ubuntu:18.04In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17879Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-12877ubuntu:18.04Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12877Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14325ubuntu:18.04In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function PersistPixelCache in magick/cache.c, which allows attackers to cause a denial of service (memory consumption in ReadMPCImage in coders/mpc.c) via a crafted file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14325Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14626ubuntu:18.04ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14626Medium
glibc2.27-3ubuntu1CVE-2018-6551ubuntu:18.04The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6551Medium
glibc2.27-3ubuntu1CVE-2017-8804ubuntu:18.04The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8804Medium
glibc2.27-3ubuntu1CVE-2018-6485ubuntu:18.04An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6485Medium
glibc2.27-3ubuntu1CVE-2017-17426ubuntu:18.04The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17426Medium
procps2:3.3.12-3ubuntu1CVE-2018-1123ubuntu:18.04procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1123Medium2:3.3.12-3ubuntu1.1
procps2:3.3.12-3ubuntu1CVE-2018-1124ubuntu:18.04procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1124Medium2:3.3.12-3ubuntu1.1
openjpeg22.3.0-1CVE-2017-14041ubuntu:18.04A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14041Medium
procps2:3.3.12-3ubuntu1CVE-2018-1126ubuntu:18.04procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1126Medium2:3.3.12-3ubuntu1.1
openjpeg22.3.0-1CVE-2017-12982ubuntu:18.04The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12982Medium
openjpeg22.3.0-1CVE-2016-9572ubuntu:18.04DoS vulnerability due to logic errorhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9572Medium
openjpeg22.3.0-1CVE-2014-7945ubuntu:18.04OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, and t2.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7945Medium
procps2:3.3.12-3ubuntu1CVE-2018-1122ubuntu:18.04procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1122Medium2:3.3.12-3ubuntu1.1
procps2:3.3.12-3ubuntu1CVE-2018-1125ubuntu:18.04procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1125Medium2:3.3.12-3ubuntu1.1
openjpeg22.3.0-1CVE-2016-5159ubuntu:18.04Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-5159Medium
openjpeg22.3.0-1CVE-2016-9581ubuntu:18.04infinite loop in tiftoimage resulting into heap buffer overflow in convert_32s_C1P1http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9581Medium
openjpeg22.3.0-1CVE-2016-9580ubuntu:18.04integer overflow in tiftoimage resulting into heap buffer overflowhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9580Medium
openjpeg22.3.0-1CVE-2016-10504ubuntu:18.04Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10504Medium
openjpeg22.3.0-1CVE-2017-14040ubuntu:18.04An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14040Medium
openjpeg22.3.0-1CVE-2017-14039ubuntu:18.04A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14039Medium
openjpeg22.3.0-1CVE-2014-7947ubuntu:18.04OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, pi.c, t1.c, t2.c, and tcd.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7947Medium
openjpeg22.3.0-1CVE-2016-5139ubuntu:18.04Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-5139Medium
openjpeg22.3.0-1CVE-2016-9573ubuntu:18.04DoS vulnerability due to logic errorhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9573Medium
openjpeg22.3.0-1CVE-2016-5158ubuntu:18.04Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-5158Medium
sqlite33.22.0-1CVE-2017-13685ubuntu:18.04The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13685Medium
sqlite33.22.0-1CVE-2017-2520ubuntu:18.04An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the “SQLite” component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2520Medium
sqlite33.22.0-1CVE-2017-2513ubuntu:18.04An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the “SQLite” component. A use-after-free vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SQL statement.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2513Medium
sqlite33.22.0-1CVE-2017-2519ubuntu:18.04An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the “SQLite” component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SQL statement.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2519Medium
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-1000476ubuntu:18.04ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000476Low
gnupg22.2.4-1ubuntu1CVE-2018-9234ubuntu:18.04GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-9234Low
libjpeg-turbo1.5.2-0ubuntu5CVE-2017-15232ubuntu:18.04libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15232Low
libjpeg-turbo1.5.2-0ubuntu5CVE-2017-9614ubuntu:18.04The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9614Low
util-linux2.31.1-0.4ubuntu3CVE-2016-5011ubuntu:18.04The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-5011Low
sqlite33.22.0-1CVE-2017-2518ubuntu:18.04An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the “SQLite” component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2518Low
util-linux2.31.1-0.4ubuntu3CVE-2016-2779ubuntu:18.04runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal’s input buffer.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2779Low
openjpeg22.3.0-1CVE-2016-7445ubuntu:18.04convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7445Low
bzip21.0.6-8.1CVE-2016-3189ubuntu:18.04Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-3189Low
openjpeg22.3.0-1CVE-2017-14164ubuntu:18.04A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14164Low
libxdmcp1:1.1.2-3CVE-2017-2625ubuntu:18.04Weak entropy usage for session keys in libxdmhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2625Low
vim2:8.0.1453-1ubuntu1CVE-2017-1000382ubuntu:18.04VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file (“[ORIGINAL_FILENAME].swp”) resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000382Low
glibc2.27-3ubuntu1CVE-2017-1000408ubuntu:18.04A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000408Low
git1:2.17.0-1ubuntu1CVE-2018-1000021ubuntu:18.04GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-1000021Low
glibc2.27-3ubuntu1CVE-2015-8985ubuntu:18.04The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8985Low
glibc2.27-3ubuntu1CVE-2017-16997ubuntu:18.04elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the “./” directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-16997Low
git1:2.17.0-1ubuntu1CVE-2017-15298ubuntu:18.04Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to build the data structure in memory before writing to disk.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15298Low
shadow1:4.5-1ubuntu1CVE-2013-4235ubuntu:18.04TOCTOU race conditions by copying and removing directory treeshttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-4235Low
glibc2.27-3ubuntu1CVE-2015-5180ubuntu:18.04res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-5180Low
glibc2.27-3ubuntu1CVE-2017-15670ubuntu:18.04The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15670Low
libxml22.9.4+dfsg1-6.1ubuntu1CVE-2016-9318ubuntu:18.04libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9318Low
glibc2.27-3ubuntu1CVE-2017-15804ubuntu:18.04The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15804Low
glibc2.27-3ubuntu1CVE-2017-1000409ubuntu:18.04A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000409Low
libxml22.9.4+dfsg1-6.1ubuntu1CVE-2017-16932ubuntu:18.04parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-16932Low
krb51.16-2build1CVE-2017-11462ubuntu:18.04Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11462Low
lcms22.9-1CVE-2016-10165ubuntu:18.04The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10165Low
libcroco0.6.12-2CVE-2017-7960ubuntu:18.04The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7960Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14173ubuntu:18.04In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation “GetQuantumRange(depth)+1” when “depth” is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large “max_value” value.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14173Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-17886ubuntu:18.04In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17886Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-12418ubuntu:18.04ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c, related to the WriteImage function in MagickCore/constitute.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12418Low
libcroco0.6.12-2CVE-2017-7961ubuntu:18.04** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an “outside the range of representable values of type long” undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. NOTE: third-party analysis reports “This is not a security issue in my view. The conversion surely is truncating the double into a long value, but there is no impact as the value is one of the RGB components.”http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7961Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-17887ubuntu:18.04In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed by ReadOneMNGImage.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17887Low
libcroco0.6.12-2CVE-2017-8834ubuntu:18.04The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8834Low
libcroco0.6.12-2CVE-2017-8871ubuntu:18.04The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8871Low
libx112:1.6.4-3CVE-2016-7943ubuntu:18.04The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7943Low
libx112:1.6.4-3CVE-2016-7942ubuntu:18.04The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7942Low
libexif0.6.21-4CVE-2016-6328ubuntu:18.04Integer overflow in parsing MNOTE entry data of the input filehttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-6328Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14172ubuntu:18.04In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large “extent” field in the header but does not contain sufficient backing data, is provided, the loop over “length” would consume huge CPU resources, since there is no EOF check inside the loop.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14172Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-12674ubuntu:18.04In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12674Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-12140ubuntu:18.04The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an integer signedness error leading to excessive memory consumption via a crafted DCM file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12140Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-11755ubuntu:18.04The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11755Low
shadow1:4.5-1ubuntu1CVE-2018-7169ubuntu:18.04An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used “group blacklisting” (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-7169Low
glib2.02.56.1-2ubuntu1CVE-2012-0039ubuntu:18.04** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2012-0039Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-18008ubuntu:18.04In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-18008Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2018-6405ubuntu:18.04In the ReadDCMImage function in coders/dcm.c in ImageMagick before 7.0.7-23, each redmap, greenmap, and bluemap variable can be overwritten by a new pointer. The previous pointer is lost, which leads to a memory leak. This allows remote attackers to cause a denial of service.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-6405Low
hdf51.10.0-patch1+docs-4CVE-2016-4333ubuntu:18.04The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop’s terminator. Due to this, an aggressor can cause the loop’s index to point outside the bounds of the array when initializing it.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4333Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14343ubuntu:18.04ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in coders/xcf.c via a crafted xcf image file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14343Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-17934ubuntu:18.04ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17934Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-15016ubuntu:18.04ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadEnhMetaFile in coders/emf.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15016Low
libexif0.6.21-4CVE-2017-7544ubuntu:18.04libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7544Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14741ubuntu:18.04The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14741Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14174ubuntu:18.04In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInternal() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large “length” field in the header but does not contain sufficient backing data, is provided, the loop over “length” would consume huge CPU resources, since there is no EOF check inside the loop.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14174Low
openexr2.2.0-11.1ubuntu1CVE-2017-9112ubuntu:18.04In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9112Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14739ubuntu:18.04The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14739Low
openexr2.2.0-11.1ubuntu1CVE-2017-9116ubuntu:18.04In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9116Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-17882ubuntu:18.04In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17882Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-13131ubuntu:18.04In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (memory consumption in NewLinkedList in MagickCore/linked-list.c) via a crafted file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13131Low
gdk-pixbuf2.36.11-2CVE-2017-6313ubuntu:18.04Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6313Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14060ubuntu:18.04In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14060Low
tiff4.0.9-5CVE-2017-17942ubuntu:18.04In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17942Low
tiff4.0.9-5CVE-2018-8905ubuntu:18.04In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-8905Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-12692ubuntu:18.04The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12692Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-12644ubuntu:18.04ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in coders\dcm.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12644Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-13133ubuntu:18.04In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks offset validation, which allows attackers to cause a denial of service (load_tile memory exhaustion) via a crafted file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13133Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14175ubuntu:18.04In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted XBM file, which claims large rows and columns fields in the header but does not contain sufficient backing data, is provided, the loop over the rows would consume huge CPU resources, since there is no EOF check inside the loop.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14175Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2018-5247ubuntu:18.04In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-5247Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2018-5248ubuntu:18.04In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-5248Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-17885ubuntu:18.04In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17885Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-12433ubuntu:18.04In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the function ReadPESImage in coders/pes.c, which allows attackers to cause a denial of service, related to ResizeMagickMemory in memory.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12433Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-13062ubuntu:18.04In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13062Low
tiff4.0.9-5CVE-2018-7456ubuntu:18.04A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-7456Low
cairo1.15.10-2CVE-2017-9814ubuntu:18.04cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9814Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14137ubuntu:18.04ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14137Low
cairo1.15.10-2CVE-2017-7475ubuntu:18.04Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7475Low
libxrender1:0.9.10-1CVE-2016-7949ubuntu:18.04Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7949Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-18022ubuntu:18.04In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-18022Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-15033ubuntu:18.04ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in coders/yuv.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15033Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-13059ubuntu:18.04In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WriteOneJNGImage in coders/png.c, which allows attackers to cause a denial of service (WriteJNGImage memory consumption) via a crafted file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13059Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-13061ubuntu:18.04In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13061Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-13060ubuntu:18.04In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13060Low
libxrender1:0.9.10-1CVE-2016-7950ubuntu:18.04The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7950Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-13058ubuntu:18.04In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function WritePCXImage in coders/pcx.c, which allows attackers to cause a denial of service via a crafted file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13058Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-12693ubuntu:18.04The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted BMP file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12693Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14684ubuntu:18.04In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in the function ReadVIPSImage in coders/vips.c, which allows attackers to cause a denial of service (memory consumption in ResizeMagickMemory in MagickCore/memory.c) via a crafted file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14684Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-17883ubuntu:18.04In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17883Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-11754ubuntu:18.04The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11754Low
openldap2.4.45+dfsg-1ubuntu1CVE-2017-14159ubuntu:18.04slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a “kill `cat /pathname`” command, as demonstrated by openldap-initscript.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14159Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14607ubuntu:18.04In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14607Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-12875ubuntu:18.04The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (CPU consumption) via a crafted file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12875Low
gdk-pixbuf2.36.11-2CVE-2017-6312ubuntu:18.04Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6312Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14249ubuntu:18.04ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14249Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-17914ubuntu:18.04In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ReadOnePNGImage in coders/png.c, which allows attackers to cause a denial of service (ReadOneMNGImage large loop) via a crafted mng image file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17914Low
coreutils8.28-1ubuntu1CVE-2016-2781ubuntu:18.04chroot in GNU coreutils, when used with –userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal’s input buffer.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-17881ubuntu:18.04In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service via a crafted MAT image file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17881Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2018-5246ubuntu:18.04In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-5246Low
openexr2.2.0-11.1ubuntu1CVE-2017-14988ubuntu:18.04Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14988Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-15017ubuntu:18.04ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ReadOneMNGImage in coders/png.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15017Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-15015ubuntu:18.04ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in PDFDelegateMessage in coders/pdf.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15015Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-17884ubuntu:18.04In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-17884Low
openexr2.2.0-11.1ubuntu1CVE-2017-9110ubuntu:18.04In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9110Low
nss2:3.35-2ubuntu2CVE-2017-11695ubuntu:18.04Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11695Low
nss2:3.35-2ubuntu2CVE-2017-11698ubuntu:18.04Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11698Low
nss2:3.35-2ubuntu2CVE-2017-11697ubuntu:18.04The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11697Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14341ubuntu:18.04ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in coders/wpg.c, causing CPU exhaustion via a crafted wpg image file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14341Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-15032ubuntu:18.04ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-15032Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-12983ubuntu:18.04Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c in ImageMagick 7.0.6-8 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12983Low
nss2:3.35-2ubuntu2CVE-2017-11696ubuntu:18.04Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11696Low
openssl1.1.0g-2ubuntu4CVE-2018-0737ubuntu:18.04The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-0737Low
gdk-pixbuf2.36.11-2CVE-2017-6314ubuntu:18.04The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6314Low
openexr2.2.0-11.1ubuntu1CVE-2017-12596ubuntu:18.04In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12596Low
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-13758ubuntu:18.04In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the TracePoint() function in MagickCore/draw.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13758Negligible
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14139ubuntu:18.04ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14139Negligible
glibc2.27-3ubuntu1CVE-2016-10228ubuntu:18.04The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10228Negligible
ncurses6.1-1ubuntu1CVE-2017-13732ubuntu:18.04There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13732Negligible
ncurses6.1-1ubuntu1CVE-2017-13731ubuntu:18.04There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13731Negligible
ncurses6.1-1ubuntu1CVE-2017-11112ubuntu:18.04In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11112Negligible
ncurses6.1-1ubuntu1CVE-2017-11113ubuntu:18.04In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11113Negligible
ncurses6.1-1ubuntu1CVE-2017-10685ubuntu:18.04In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-10685Negligible
ncurses6.1-1ubuntu1CVE-2017-13729ubuntu:18.04There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13729Negligible
ncurses6.1-1ubuntu1CVE-2017-13728ubuntu:18.04There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13728Negligible
ncurses6.1-1ubuntu1CVE-2017-10684ubuntu:18.04In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-10684Negligible
ncurses6.1-1ubuntu1CVE-2017-13733ubuntu:18.04There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13733Negligible
ncurses6.1-1ubuntu1CVE-2017-13734ubuntu:18.04There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13734Negligible
ncurses6.1-1ubuntu1CVE-2017-13730ubuntu:18.04There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-13730Negligible
jbigkit2.1-3.1build1CVE-2017-9937ubuntu:18.04In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9937Negligible
dpkg1.19.0.5ubuntu2CVE-2017-8283ubuntu:18.04dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8283Negligible
tiff4.0.9-5CVE-2017-16232ubuntu:18.04memory-based DoS in tiff2bwhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-16232Negligible
tiff4.0.9-5CVE-2015-7313ubuntu:18.04LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-7313Negligible
pcre32:8.39-9CVE-2017-7245ubuntu:18.04Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7245Negligible
pcre32:8.39-9CVE-2017-7246ubuntu:18.04Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7246Negligible
imagemagick8:6.9.7.4+dfsg-16ubuntu6CVE-2017-14138ubuntu:18.04ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-14138Negligible

Posted

in

by

db

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *