Vulnerabilities > Canonical > Ubuntu Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-09-06 CVE-2018-16642 Out-of-bounds Write vulnerability in multiple products
The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write.
4.3
2018-09-06 CVE-2018-16640 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c.
4.3
2018-09-05 CVE-2018-16542 Out-of-bounds Write vulnerability in multiple products
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.
local
low complexity
artifex redhat debian canonical CWE-787
5.5
2018-09-05 CVE-2018-16541 Use After Free vulnerability in multiple products
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.
local
low complexity
artifex canonical debian redhat CWE-416
5.5
2018-09-05 CVE-2018-16539 Information Exposure vulnerability in multiple products
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.
local
low complexity
artifex canonical debian redhat CWE-200
5.5
2018-09-04 CVE-2018-6554 Missing Release of Resource after Effective Lifetime vulnerability in Linux Kernel
Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket.
local
low complexity
linux canonical debian CWE-772
4.9
2018-09-04 CVE-2018-16435 Integer Overflow or Wraparound vulnerability in multiple products
Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a crafted file in the second argument to cmsIT8LoadFromFile.
4.3
2018-09-02 CVE-2018-16336 Out-of-bounds Read vulnerability in multiple products
Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999.
4.3
2018-09-01 CVE-2018-16323 Information Exposure vulnerability in multiple products
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value.
4.3
2018-08-30 CVE-2018-16140 Out-of-bounds Write vulnerability in multiple products
A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file.
6.8