Search CVE reports


Toggle filters

241 – 250 of 1279 results


CVE-2025-43964

Medium priority

Some fixes available 7 of 63

In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.

8 affected packages

darktable, exactimage, dcraw, rawtherapee, kodi...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
digikam Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Fixed Fixed Fixed Fixed
ufraw Not in release Not in release Not in release Not in release Needs evaluation
Show all 8 packages Show less packages

CVE-2025-43963

Medium priority

Some fixes available 7 of 63

In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.

8 affected packages

darktable, exactimage, dcraw, rawtherapee, kodi...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
digikam Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Fixed Fixed Fixed Fixed
ufraw Not in release Not in release Not in release Not in release Needs evaluation
Show all 8 packages Show less packages

CVE-2025-43962

Medium priority

Some fixes available 7 of 63

In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.

8 affected packages

darktable, exactimage, dcraw, rawtherapee, kodi...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
digikam Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Fixed Fixed Fixed Fixed
ufraw Not in release Not in release Not in release Not in release Needs evaluation
Show all 8 packages Show less packages

CVE-2025-43961

Medium priority

Some fixes available 7 of 63

In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.

8 affected packages

darktable, exactimage, dcraw, rawtherapee, kodi...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
exactimage Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
dcraw Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
rawtherapee Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
kodi Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
digikam Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libraw Not affected Fixed Fixed Fixed Fixed
ufraw Not in release Not in release Not in release Not in release Needs evaluation
Show all 8 packages Show less packages

CVE-2025-22872

Medium priority

Some fixes available 8 of 14

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing,...

7 affected packages

adsys, containerd, golang-golang-x-net, golang-golang-x-net-dev, google-guest-agent...

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
adsys Not affected Not affected Not affected Not affected
containerd Not affected Not affected Not affected Not affected Not affected
golang-golang-x-net Not affected Fixed Fixed Not in release Not in release
golang-golang-x-net-dev Not in release Not in release Not in release Fixed Fixed
google-guest-agent Not affected Not affected Not affected Not affected Not affected
juju-core
lxd Not affected Fixed
Show all 7 packages Show less packages

CVE-2025-22868

Medium priority
Needs evaluation

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

2 affected packages

golang-golang-x-oauth2, google-guest-agent

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-golang-x-oauth2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
google-guest-agent Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2025-25299

Medium priority
Needs evaluation

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. During a recent internal audit, a Cross-Site Scripting (XSS) vulnerability was discovered in the CKEditor 5 real-time collaboration package. This...

4 affected packages

ckeditor, ldap-account-manager, request-tracker4, ckeditor3

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
ckeditor Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ldap-account-manager Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
request-tracker4 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ckeditor3 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2025-1244

Medium priority

Some fixes available 3 of 25

A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a...

5 affected packages

xemacs21, xemacs21-packages, emacs, emacs24, emacs25

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
xemacs21 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xemacs21-packages Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
emacs Not affected Fixed Fixed Fixed
emacs24 Not in release Not in release Not in release Not in release
emacs25 Not in release Not in release Not in release Not in release Needs evaluation
Show less packages

CVE-2024-55195

Medium priority
Needs evaluation

An allocation-size-too-big bug in the component /imagebuf.cpp of OpenImageIO v3.1.0.0dev may cause a Denial of Service (DoS) when the program to requests to allocate too much space.

1 affected package

openimageio

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openimageio Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-55194

Medium priority
Needs evaluation

OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component /OpenImageIO/fmath.h.

1 affected package

openimageio

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
openimageio Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages