Total
9113 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27818 | 3 Debian, Fedoraproject, Libpng | 4 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 1 more | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability. | |||||
| CVE-2020-27815 | 3 Debian, Linux, Netapp | 22 Debian Linux, Linux Kernel, Aff A250 and 19 more | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2020-27814 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application. | |||||
| CVE-2020-27813 | 2 Debian, Gorillatoolkit | 2 Debian Linux, Websocket | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections. | |||||
| CVE-2020-27792 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2024-11-21 | N/A | 7.1 HIGH |
| A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service. | |||||
| CVE-2020-27783 | 6 Debian, Fedoraproject, Lxml and 3 more | 8 Debian Linux, Fedora, Lxml and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. | |||||
| CVE-2020-27778 | 3 Debian, Freedesktop, Redhat | 3 Debian Linux, Poppler, Enterprise Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the 'pdftohtml' program, would crash the application causing a denial of service. | |||||
| CVE-2020-27775 | 3 Debian, Imagemagick, Redhat | 3 Debian Linux, Imagemagick, Enterprise Linux | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. | |||||
| CVE-2020-27774 | 3 Debian, Imagemagick, Redhat | 3 Debian Linux, Imagemagick, Enterprise Linux | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. | |||||
| CVE-2020-27773 | 3 Debian, Imagemagick, Redhat | 3 Debian Linux, Imagemagick, Enterprise Linux | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. | |||||
| CVE-2020-27772 | 3 Debian, Imagemagick, Redhat | 3 Debian Linux, Imagemagick, Enterprise Linux | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. | |||||
| CVE-2020-27771 | 3 Debian, Imagemagick, Redhat | 3 Debian Linux, Imagemagick, Enterprise Linux | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted pdf file. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was demonstrated in this case. This flaw affects ImageMagick versions prior to 7.0.9-0. | |||||
| CVE-2020-27770 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68. | |||||
| CVE-2020-27768 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0. | |||||
| CVE-2020-27767 | 3 Debian, Imagemagick, Redhat | 3 Debian Linux, Imagemagick, Enterprise Linux | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. | |||||
| CVE-2020-27766 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-69. | |||||
| CVE-2020-27765 | 3 Debian, Imagemagick, Redhat | 3 Debian Linux, Imagemagick, Enterprise Linux | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. | |||||
| CVE-2020-27764 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 6.9.10-69. | |||||
| CVE-2020-27763 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. | |||||
| CVE-2020-27762 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68. | |||||