Search CVE reports
31 – 40 of 38290 results
An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file...
8 affected packages
libraw, ufraw, darktable, exactimage, dcraw...
| Package | 20.04 LTS |
|---|---|
| libraw | Needs evaluation |
| ufraw | — |
| darktable | Needs evaluation |
| exactimage | Needs evaluation |
| dcraw | Needs evaluation |
| rawtherapee | Needs evaluation |
| kodi | Needs evaluation |
| digikam | Needs evaluation |
A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can...
8 affected packages
libraw, ufraw, darktable, exactimage, dcraw...
| Package | 20.04 LTS |
|---|---|
| libraw | Needs evaluation |
| ufraw | — |
| darktable | Needs evaluation |
| exactimage | Needs evaluation |
| dcraw | Needs evaluation |
| rawtherapee | Needs evaluation |
| kodi | Needs evaluation |
| digikam | Needs evaluation |
A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide...
8 affected packages
libraw, ufraw, darktable, exactimage, dcraw...
| Package | 20.04 LTS |
|---|---|
| libraw | Needs evaluation |
| ufraw | — |
| darktable | Needs evaluation |
| exactimage | Needs evaluation |
| dcraw | Needs evaluation |
| rawtherapee | Needs evaluation |
| kodi | Needs evaluation |
| digikam | Needs evaluation |
A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to...
8 affected packages
libraw, ufraw, darktable, exactimage, dcraw...
| Package | 20.04 LTS |
|---|---|
| libraw | Needs evaluation |
| ufraw | — |
| darktable | Needs evaluation |
| exactimage | Needs evaluation |
| dcraw | Needs evaluation |
| rawtherapee | Needs evaluation |
| kodi | Needs evaluation |
| digikam | Needs evaluation |
An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to...
8 affected packages
libraw, ufraw, darktable, exactimage, dcraw...
| Package | 20.04 LTS |
|---|---|
| libraw | Needs evaluation |
| ufraw | — |
| darktable | Needs evaluation |
| exactimage | Needs evaluation |
| dcraw | Needs evaluation |
| rawtherapee | Needs evaluation |
| kodi | Needs evaluation |
| digikam | Needs evaluation |
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using `ModelAdmin.list_editable` incorrectly allowed new instances to be created via forged `POST` data. Earlier,...
1 affected package
python-django
| Package | 20.04 LTS |
|---|---|
| python-django | Fixed |
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged `POST` data in `GenericInlineModelAdmin`. Earlier,...
1 affected package
python-django
| Package | 20.04 LTS |
|---|---|
| python-django | Fixed |
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `ASGIRequest` allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants (with hyphens or with...
1 affected package
python-django
| Package | 20.04 LTS |
|---|---|
| python-django | Not affected |
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated `Content-Length` header could bypass the `DATA_UPLOAD_MAX_MEMORY_SIZE` limit when...
1 affected package
python-django
| Package | 20.04 LTS |
|---|---|
| python-django | Ignored |
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `MultiPartParser` allows remote attackers to degrade performance by submitting multipart uploads with `Content-Transfer-Encoding:...
1 affected package
python-django
| Package | 20.04 LTS |
|---|---|
| python-django | Fixed |