Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-31 | CVE-2018-20622 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used. | 6.5 |
| 2018-12-30 | CVE-2018-20584 | JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format. | 6.5 |
| 2018-12-28 | CVE-2018-20570 | Out-of-bounds Read vulnerability in multiple products jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read. | 6.5 |
| 2018-12-28 | CVE-2018-20544 | Divide By Zero vulnerability in multiple products There is floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19. | 6.5 |
| 2018-12-27 | CVE-2018-20511 | Information Exposure vulnerability in multiple products An issue was discovered in the Linux kernel before 4.18.11. | 5.5 |
| 2018-12-26 | CVE-2018-20217 | Reachable Assertion vulnerability in multiple products A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. | 5.3 |
| 2018-12-26 | CVE-2018-20482 | Infinite Loop vulnerability in multiple products GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root). | 4.7 |
| 2018-12-26 | CVE-2018-20481 | NULL Pointer Dereference vulnerability in multiple products XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. | 6.5 |
| 2018-12-26 | CVE-2018-20467 | Infinite Loop vulnerability in multiple products In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. | 6.5 |
| 2018-12-24 | CVE-2018-20431 | NULL Pointer Dereference vulnerability in multiple products GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c. | 6.5 |