This page lists packages that may or may not be affected by known issues. This means that some additional work needs to be done to determined whether the package is actually vulnerable or not. This list is a good area for new contributors to make quick and meaningful contributions.
| Package | Bug | Description | Releases |
|---|---|---|---|
| catimg | CVE-2018-16981 | stb stb_image.h 2.19, as used in catimg, Emscripten, and other ... | buster, sid |
| eclipse | CVE-2017-8315 | Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier ... | jessie, sid, stretch |
| golang-go.net-dev | CVE-2018-17846 | The html package (aka x/net/html) through 2018-09-25 in Go mishandles ... | jessie |
| CVE-2018-17847 | The html package (aka x/net/html) through 2018-09-25 in Go mishandles ... | jessie | |
| CVE-2018-17848 | The html package (aka x/net/html) through 2018-09-25 in Go mishandles ... | jessie | |
| golang-golang-x-net-dev | CVE-2018-17846 | The html package (aka x/net/html) through 2018-09-25 in Go mishandles ... | buster, sid, stretch |
| CVE-2018-17847 | The html package (aka x/net/html) through 2018-09-25 in Go mishandles ... | buster, sid, stretch | |
| CVE-2018-17848 | The html package (aka x/net/html) through 2018-09-25 in Go mishandles ... | buster, sid, stretch | |
| hdf5 | CVE-2018-13866 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch |
| CVE-2018-13867 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an out ... | buster, jessie, sid, stretch | |
| CVE-2018-13868 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch | |
| CVE-2018-13869 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch | |
| CVE-2018-13870 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch | |
| CVE-2018-13871 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch | |
| CVE-2018-13872 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch | |
| CVE-2018-13873 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch | |
| CVE-2018-13874 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch | |
| CVE-2018-13875 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an ... | buster, jessie, sid, stretch | |
| CVE-2018-13876 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch | |
| CVE-2018-14031 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch | |
| CVE-2018-14033 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch | |
| CVE-2018-14034 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an out ... | buster, jessie, sid, stretch | |
| CVE-2018-14035 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch | |
| CVE-2018-14460 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch | |
| CVE-2018-15671 | An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack ... | buster, jessie, sid, stretch | |
| CVE-2018-16438 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an out ... | buster, jessie, sid, stretch | |
| CVE-2018-17233 | A SIGFPE signal is raised in the function ... | buster, jessie, sid, stretch | |
| CVE-2018-17234 | Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in ... | buster, jessie, sid, stretch | |
| CVE-2018-17237 | A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of ... | buster, jessie, sid, stretch | |
| CVE-2018-17432 | A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in ... | buster, jessie, sid, stretch | |
| CVE-2018-17433 | A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the ... | buster, jessie, sid, stretch | |
| CVE-2018-17434 | A SIGFPE signal is raised in the function apply_filters() of ... | buster, jessie, sid, stretch | |
| CVE-2018-17435 | A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the ... | buster, jessie, sid, stretch | |
| CVE-2018-17436 | ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library ... | buster, jessie, sid, stretch | |
| CVE-2018-17437 | Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in ... | buster, jessie, sid, stretch | |
| CVE-2018-17438 | A SIGFPE signal is raised in the function H5D__select_io() of ... | buster, jessie, sid, stretch | |
| CVE-2018-17439 | An issue was discovered in the HDF HDF5 1.10.3 library. There is a ... | buster, jessie, sid, stretch | |
| imagemagick | CVE-2018-16329 | In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the ... | buster, sid, stretch |
| jasperreports | CVE-2017-14941 | Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure ... | buster, jessie, sid, stretch |
| CVE-2017-5528 | Multiple JasperReports Server components contain vulnerabilities ... | buster, jessie, sid, stretch | |
| CVE-2017-5529 | JasperReports library components contain an information disclosure ... | buster, jessie, sid, stretch | |
| CVE-2017-5532 | A vulnerability in the report renderer component of TIBCO ... | buster, jessie, sid, stretch | |
| CVE-2017-5533 | A vulnerability in the server content cache of TIBCO JasperReports ... | buster, jessie, sid, stretch | |
| CVE-2018-5429 | A vulnerability in the report scripting component of TIBCO Software ... | buster, sid, stretch | |
| CVE-2018-5430 | The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports ... | buster, sid, stretch | |
| CVE-2018-5431 | The domain designer component of TIBCO Software Inc.'s TIBCO ... | buster, sid, stretch | |
| kfreebsd-10 | CVE-2014-7250 | The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly ... | sid, stretch |
| libav | CVE-2015-6761 | The update_dimensions function in libavcodec/vp8.c in FFmpeg through ... | jessie |
| CVE-2015-6818 | The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before ... | jessie | |
| CVE-2015-6820 | The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before ... | jessie | |
| CVE-2015-6821 | The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg ... | jessie | |
| CVE-2015-6822 | The destroy_buffers function in libavcodec/sanm.c in FFmpeg before ... | jessie | |
| CVE-2015-6823 | The allocate_buffers function in libavcodec/alac.c in FFmpeg before ... | jessie | |
| CVE-2015-6824 | The sws_init_context function in libswscale/utils.c in FFmpeg before ... | jessie | |
| CVE-2015-6825 | The ff_frame_thread_init function in libavcodec/pthread_frame.c in ... | jessie | |
| CVE-2015-6826 | The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in ... | jessie | |
| CVE-2015-8216 | The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg ... | jessie | |
| CVE-2015-8217 | The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg ... | jessie | |
| CVE-2015-8219 | The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before ... | jessie | |
| CVE-2015-8363 | The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in ... | jessie | |
| CVE-2015-8364 | Integer overflow in the ff_ivi_init_planes function in ... | jessie | |
| CVE-2015-8661 | The h264_slice_header_init function in libavcodec/h264_slice.c in ... | jessie | |
| CVE-2015-8662 | The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg ... | jessie | |
| CVE-2015-8663 | The ff_get_buffer function in libavcodec/utils.c in FFmpeg before ... | jessie | |
| CVE-2016-10190 | Heap-based buffer overflow in libavformat/http.c in FFmpeg before ... | jessie | |
| CVE-2016-10191 | Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before ... | jessie | |
| CVE-2016-10192 | Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, ... | jessie | |
| CVE-2016-5199 | An off by one error resulting in an allocation of zero size in FFmpeg ... | jessie | |
| CVE-2017-14054 | In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due ... | jessie | |
| CVE-2017-14055 | In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due ... | jessie | |
| CVE-2017-14056 | In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to ... | jessie | |
| CVE-2017-14057 | In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End ... | jessie | |
| CVE-2017-14058 | In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not ... | jessie | |
| CVE-2017-14059 | In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF ... | jessie | |
| CVE-2017-14169 | In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg ... | jessie | |
| CVE-2017-14170 | In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in ... | jessie | |
| CVE-2017-14171 | In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in ... | jessie | |
| CVE-2017-14222 | In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack ... | jessie | |
| CVE-2017-14223 | In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in ... | jessie | |
| CVE-2017-14225 | The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg ... | jessie | |
| CVE-2017-14767 | The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in ... | jessie | |
| CVE-2017-15186 | Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote ... | jessie | |
| CVE-2017-15672 | The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and ... | jessie | |
| CVE-2017-7863 | FFmpeg before 2017-02-04 has an out-of-bounds write caused by a ... | jessie | |
| CVE-2017-7865 | FFmpeg before 2017-01-24 has an out-of-bounds write caused by a ... | jessie | |
| CVE-2017-7866 | FFmpeg before 2017-01-23 has an out-of-bounds write caused by a ... | jessie | |
| CVE-2017-9993 | FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, ... | jessie | |
| CVE-2017-9994 | libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x ... | jessie | |
| CVE-2018-10001 | The decode_init function in libavcodec/utvideodec.c in FFmpeg through ... | jessie | |
| CVE-2018-13300 | In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed to the ... | jessie | |
| CVE-2018-13301 | In FFmpeg 4.0.1, due to a missing check of a profile value before ... | jessie | |
| CVE-2018-13302 | In FFmpeg 4.0.1, improper handling of frame types (other than ... | jessie | |
| CVE-2018-13303 | In FFmpeg 4.0.1, a missing check for failure of a call to ... | jessie | |
| CVE-2018-13304 | In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency ... | jessie | |
| CVE-2018-13305 | In FFmpeg 4.0.1, due to a missing check for negative values of the ... | jessie | |
| CVE-2018-14394 | libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a ... | jessie | |
| CVE-2018-14395 | libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a ... | jessie | |
| CVE-2018-1999010 | FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains ... | jessie | |
| CVE-2018-1999011 | FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains ... | jessie | |
| CVE-2018-1999012 | FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains ... | jessie | |
| CVE-2018-1999013 | FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains ... | jessie | |
| CVE-2018-1999014 | FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains ... | jessie | |
| CVE-2018-1999015 | FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains ... | jessie | |
| CVE-2018-6392 | The filter_slice function in libavfilter/vf_transpose.c in FFmpeg ... | jessie | |
| CVE-2018-6621 | The decode_frame function in libavcodec/utvideodec.c in FFmpeg through ... | jessie | |
| CVE-2018-6912 | The decode_plane function in libavcodec/utvideodec.c in FFmpeg through ... | jessie | |
| libesedb | CVE-2018-15158 | ** DISPUTED ** The libesedb_page_read_values function in ... | buster, sid, stretch |
| CVE-2018-15159 | ** DISPUTED ** The libesedb_page_read_tags function in libesedb_page.c ... | buster, sid, stretch | |
| CVE-2018-15160 | ** DISPUTED ** The libesedb_catalog_definition_read function in ... | buster, sid, stretch | |
| CVE-2018-15161 | ** DISPUTED ** The libesedb_key_append_data function in libesedb_key.c ... | buster, sid, stretch | |
| libgig | CVE-2018-14449 | An issue was discovered in libgig 4.1.0. There is an out of bounds read ... | buster, jessie, sid, stretch |
| CVE-2018-14450 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds read ... | buster, jessie, sid, stretch | |
| CVE-2018-14451 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer ... | buster, jessie, sid, stretch | |
| CVE-2018-14452 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds read ... | buster, jessie, sid, stretch | |
| CVE-2018-14453 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer ... | buster, jessie, sid, stretch | |
| CVE-2018-14454 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds read ... | buster, jessie, sid, stretch | |
| CVE-2018-14455 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds ... | buster, jessie, sid, stretch | |
| CVE-2018-14456 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds ... | buster, jessie, sid, stretch | |
| CVE-2018-14457 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds ... | buster, jessie, sid, stretch | |
| CVE-2018-14458 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer ... | buster, jessie, sid, stretch | |
| CVE-2018-14459 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds ... | buster, jessie, sid, stretch | |
| CVE-2018-18192 | An issue was discovered in libgig 4.1.0. There is a NULL pointer ... | buster, jessie, sid, stretch | |
| CVE-2018-18193 | An issue was discovered in libgig 4.1.0. There is operator new[] ... | buster, jessie, sid, stretch | |
| CVE-2018-18194 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer ... | buster, jessie, sid, stretch | |
| CVE-2018-18195 | An issue discovered in libgig 4.1.0. There is an FPE (divide-by-zero ... | buster, jessie, sid, stretch | |
| CVE-2018-18196 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer ... | buster, jessie, sid, stretch | |
| CVE-2018-18197 | An issue was discovered in libgig 4.1.0. There is an operator new[] ... | buster, jessie, sid, stretch | |
| libxslt | CVE-2016-4607 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch |
| CVE-2016-4608 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch | |
| CVE-2016-4609 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch | |
| CVE-2016-4610 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch | |
| CVE-2017-2477 | An issue was discovered in certain Apple products. macOS before ... | buster, jessie, sid, stretch | |
| linux | CVE-2018-17977 | The Linux kernel 4.14.67 mishandles certain interaction among XFRM ... | buster, jessie, sid, stretch |
| mariadb-10.0 | CVE-2017-15365 | sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ... | jessie, sid |
| mysql-connector-java | CVE-2018-3258 | Vulnerability in the MySQL Connectors component of Oracle MySQL ... | buster, jessie, sid, stretch |
| netpbm-free | CVE-2017-2579 | An out-of-bounds read vulnerability was found in netpbm before 10.61. ... | buster, jessie, sid, stretch |
| CVE-2017-2580 | An out-of-bounds write vulnerability was found in netpbm before 10.61. ... | buster, jessie, sid, stretch | |
| CVE-2017-2581 | An out-of-bounds write vulnerability was found in netpbm before 10.61. ... | buster, jessie, sid, stretch | |
| open-build-service | CVE-2018-12466 | openSUSE openbuildservice before 9.2.4 allowed authenticated users to ... | sid, stretch |
| CVE-2018-12467 | Authorized users of the openbuildservice before 2.9.4 could delete ... | sid, stretch | |
| percona-xtrabackup | CVE-2017-15365 | sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ... | sid |
| resteasy3.0 | CVE-2016-6345 | RESTEasy allows remote authenticated users to obtain sensitive ... | sid |
| CVE-2016-6346 | RESTEasy enables GZIPInterceptor, which allows remote attackers to ... | sid | |
| CVE-2016-6347 | Cross-site scripting (XSS) vulnerability in the default exception ... | sid | |
| CVE-2016-6348 | JacksonJsonpInterceptor in RESTEasy might allow remote attackers to ... | sid | |
| undertow | CVE-2018-14642 | An information leak vulnerability was found in Undertow. If all ... | sid |