Search CVE reports
151 – 160 of 43937 results
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the TNEF decoder was subject to denial of service via a crafted compressed-RTF size.
1 affected package
roundcube
| Package | 22.04 LTS |
|---|---|
| roundcube | Needs evaluation |
DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row. When the statement handle had no fields but the source row was non-empty, the internal row-buffer helper would read from a negative array...
1 affected package
libdbi-perl
| Package | 22.04 LTS |
|---|---|
| libdbi-perl | Needs evaluation |
DBI::ProfileData versions before 1.651 for Perl do not limit the path index. The path index column of profile dump files is used to allocate an array of data for the parser. An unbounded value allows an attacker to specify a large...
1 affected package
libdbi-perl
| Package | 22.04 LTS |
|---|---|
| libdbi-perl | Needs evaluation |
Pillow is a Python imaging library. Prior to 12.3.0, Pillow's ImageCms.ImageCmsTransform.apply(im, imOut) API can trigger controlled native heap corruption when the caller supplies an output image whose mode does not match the...
2 affected packages
pillow, pillow-python2
| Package | 22.04 LTS |
|---|---|
| pillow | Needs evaluation |
| pillow-python2 | Not in release |
Pillow is a Python imaging library. From 8.2.0 through 12.2.0, src/libImaging/Jpeg2KDecode.c accumulates total_component_width across every tile in a JPEG2000 image instead of recomputing it per tile, allowing a crafted tiled...
2 affected packages
pillow, pillow-python2
| Package | 22.04 LTS |
|---|---|
| pillow | Needs evaluation |
| pillow-python2 | Not in release |
Pillow is a Python imaging library. From 12.0.0 through 12.2.0, Pillow's EPS parser in PIL/EpsImagePlugin.py accepts a negative byte count in the %%BeginBinary directive, allowing a crafted EPS file to cause Image.open() to seek...
2 affected packages
pillow, pillow-python2
| Package | 22.04 LTS |
|---|---|
| pillow | Needs evaluation |
| pillow-python2 | Not in release |
Pillow is a Python imaging library. Prior to 12.3.0, Pillow public image coordinate APIs can trigger a native heap out-of-bounds write when given coordinates near the signed 32-bit integer limits in Image.paste(), Image.crop(), or...
2 affected packages
pillow, pillow-python2
| Package | 22.04 LTS |
|---|---|
| pillow | Needs evaluation |
| pillow-python2 | Not in release |
Pillow is a Python imaging library. From 5.2.0 until 12.3.0, Pillow's TGA RLE encoder reads past its packed row buffer when saving a mode 1 image with TGA RLE compression, allowing adjacent process heap bytes to be copied into the...
2 affected packages
pillow, pillow-python2
| Package | 22.04 LTS |
|---|---|
| pillow | Needs evaluation |
| pillow-python2 | Not in release |
Not in release
A vulnerability was found in svgdotjs svg.js up to 3.2.5. This affects the function EventTarget.on of the file svgdotjs/svg.js of the component npm Package API. Performing a manipulation results in improperly...
1 affected package
node-svgdotjs-svg.js
| Package | 22.04 LTS |
|---|---|
| node-svgdotjs-svg.js | Not in release |
DBD::File versions before 1.651 for Perl do not ensure the table file is not a symlink to an untrusted location. The complete_table_name method builds the absolute table file path without checking whether the file is a symbolic...
1 affected package
libdbi-perl
| Package | 22.04 LTS |
|---|---|
| libdbi-perl | Needs evaluation |