Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-30 | CVE-2018-20584 | JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format. | 6.5 |
| 2018-12-28 | CVE-2018-20570 | Out-of-bounds Read vulnerability in multiple products jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read. | 4.3 |
| 2018-12-28 | CVE-2018-20544 | Divide By Zero vulnerability in multiple products There is floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19. | 4.3 |
| 2018-12-28 | CVE-2018-1000888 | Deserialization of Untrusted Data vulnerability in multiple products PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. | 6.8 |
| 2018-12-26 | CVE-2018-20217 | Reachable Assertion vulnerability in multiple products A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. | 5.3 |
| 2018-12-26 | CVE-2018-19870 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Qt before 5.11.3. | 6.8 |
| 2018-12-26 | CVE-2018-15518 | Double Free vulnerability in multiple products QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. | 6.8 |
| 2018-12-26 | CVE-2018-20481 | NULL Pointer Dereference vulnerability in multiple products XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc. | 4.3 |
| 2018-12-26 | CVE-2018-20467 | Infinite Loop vulnerability in multiple products In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. | 4.3 |
| 2018-12-24 | CVE-2018-20431 | NULL Pointer Dereference vulnerability in multiple products GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c. | 4.3 |