Packages that may be vulnerable but need to be checked (undetermined issues)

This page lists packages that may or may not be affected by known issues. This means that some additional work needs to be done to determine whether the package is actually vulnerable or not. This list is a good area for new contributors to make quick and meaningful contributions.

| Package | Bug | Description | Releases |
| --- | --- | --- | --- |
| catimg | CVE-2018-16981 | stb stb_image.h 2.19, as used in catimg, Emscripten, and other ... | buster, sid |
| eclipse | CVE-2017-8315 | Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier ... | jessie, sid, stretch |
| golang-go.net-dev | CVE-2018-17846 | The html package (aka x/net/html) through 2018-09-25 in Go mishandles ... | jessie |
| | CVE-2018-17847 | The html package (aka x/net/html) through 2018-09-25 in Go mishandles ... | jessie |
| | CVE-2018-17848 | The html package (aka x/net/html) through 2018-09-25 in Go mishandles ... | jessie |
| golang-golang-x-net-dev | CVE-2018-17846 | The html package (aka x/net/html) through 2018-09-25 in Go mishandles ... | buster, sid, stretch |
| | CVE-2018-17847 | The html package (aka x/net/html) through 2018-09-25 in Go mishandles ... | buster, sid, stretch |
| | CVE-2018-17848 | The html package (aka x/net/html) through 2018-09-25 in Go mishandles ... | buster, sid, stretch |
| hdf5 | CVE-2018-13866 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch |
| | CVE-2018-13867 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an out ... | buster, jessie, sid, stretch |
| | CVE-2018-13868 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch |
| | CVE-2018-13869 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch |
| | CVE-2018-13870 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch |
| | CVE-2018-13871 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch |
| | CVE-2018-13872 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch |
| | CVE-2018-13873 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch |
| | CVE-2018-13874 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch |
| | CVE-2018-13875 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an ... | buster, jessie, sid, stretch |
| | CVE-2018-13876 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch |
| | CVE-2018-14031 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch |
| | CVE-2018-14033 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch |
| | CVE-2018-14034 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an out ... | buster, jessie, sid, stretch |
| | CVE-2018-14035 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch |
| | CVE-2018-14460 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a ... | buster, jessie, sid, stretch |
| | CVE-2018-15671 | An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack ... | buster, jessie, sid, stretch |
| | CVE-2018-16438 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an out ... | buster, jessie, sid, stretch |
| | CVE-2018-17233 | A SIGFPE signal is raised in the function ... | buster, jessie, sid, stretch |
| | CVE-2018-17234 | Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in ... | buster, jessie, sid, stretch |
| | CVE-2018-17237 | A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of ... | buster, jessie, sid, stretch |
| | CVE-2018-17432 | A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in ... | buster, jessie, sid, stretch |
| | CVE-2018-17433 | A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the ... | buster, jessie, sid, stretch |
| | CVE-2018-17434 | A SIGFPE signal is raised in the function apply_filters() of ... | buster, jessie, sid, stretch |
| | CVE-2018-17435 | A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the ... | buster, jessie, sid, stretch |
| | CVE-2018-17436 | ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library ... | buster, jessie, sid, stretch |
| | CVE-2018-17437 | Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in ... | buster, jessie, sid, stretch |
| | CVE-2018-17438 | A SIGFPE signal is raised in the function H5D__select_io() of ... | buster, jessie, sid, stretch |
| | CVE-2018-17439 | An issue was discovered in the HDF HDF5 1.10.3 library. There is a ... | buster, jessie, sid, stretch |
| imagemagick | CVE-2018-16329 | In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the ... | buster, sid, stretch |
| jasperreports | CVE-2017-14941 | Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure ... | buster, jessie, sid, stretch |
| | CVE-2017-5528 | Multiple JasperReports Server components contain vulnerabilities ... | buster, jessie, sid, stretch |
| | CVE-2017-5529 | JasperReports library components contain an information disclosure ... | buster, jessie, sid, stretch |
| | CVE-2017-5532 | A vulnerability in the report renderer component of TIBCO ... | buster, jessie, sid, stretch |
| | CVE-2017-5533 | A vulnerability in the server content cache of TIBCO JasperReports ... | buster, jessie, sid, stretch |
| | CVE-2018-5429 | A vulnerability in the report scripting component of TIBCO Software ... | buster, sid, stretch |
| | CVE-2018-5430 | The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports ... | buster, sid, stretch |
| | CVE-2018-5431 | The domain designer component of TIBCO Software Inc.'s TIBCO ... | buster, sid, stretch |
| kfreebsd-10 | CVE-2014-7250 | The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly ... | sid, stretch |
| libav | CVE-2015-6761 | The update_dimensions function in libavcodec/vp8.c in FFmpeg through ... | jessie |
| | CVE-2015-6818 | The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before ... | jessie |
| | CVE-2015-6820 | The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before ... | jessie |
| | CVE-2015-6821 | The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg ... | jessie |
| | CVE-2015-6822 | The destroy_buffers function in libavcodec/sanm.c in FFmpeg before ... | jessie |
| | CVE-2015-6823 | The allocate_buffers function in libavcodec/alac.c in FFmpeg before ... | jessie |
| | CVE-2015-6824 | The sws_init_context function in libswscale/utils.c in FFmpeg before ... | jessie |
| | CVE-2015-6825 | The ff_frame_thread_init function in libavcodec/pthread_frame.c in ... | jessie |
| | CVE-2015-6826 | The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in ... | jessie |
| | CVE-2015-8216 | The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg ... | jessie |
| | CVE-2015-8217 | The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg ... | jessie |
| | CVE-2015-8219 | The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before ... | jessie |
| | CVE-2015-8363 | The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in ... | jessie |
| | CVE-2015-8364 | Integer overflow in the ff_ivi_init_planes function in ... | jessie |
| | CVE-2015-8661 | The h264_slice_header_init function in libavcodec/h264_slice.c in ... | jessie |
| | CVE-2015-8662 | The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg ... | jessie |
| | CVE-2015-8663 | The ff_get_buffer function in libavcodec/utils.c in FFmpeg before ... | jessie |
| | CVE-2016-10190 | Heap-based buffer overflow in libavformat/http.c in FFmpeg before ... | jessie |
| | CVE-2016-10191 | Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before ... | jessie |
| | CVE-2016-10192 | Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, ... | jessie |
| | CVE-2016-5199 | An off by one error resulting in an allocation of zero size in FFmpeg ... | jessie |
| | CVE-2017-14054 | In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due ... | jessie |
| | CVE-2017-14055 | In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due ... | jessie |
| | CVE-2017-14056 | In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to ... | jessie |
| | CVE-2017-14057 | In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End ... | jessie |
| | CVE-2017-14058 | In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not ... | jessie |
| | CVE-2017-14059 | In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF ... | jessie |
| | CVE-2017-14169 | In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg ... | jessie |
| | CVE-2017-14170 | In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in ... | jessie |
| | CVE-2017-14171 | In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in ... | jessie |
| | CVE-2017-14222 | In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack ... | jessie |
| | CVE-2017-14223 | In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in ... | jessie |
| | CVE-2017-14225 | The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg ... | jessie |
| | CVE-2017-14767 | The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in ... | jessie |
| | CVE-2017-15186 | Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote ... | jessie |
| | CVE-2017-15672 | The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and ... | jessie |
| | CVE-2017-7863 | FFmpeg before 2017-02-04 has an out-of-bounds write caused by a ... | jessie |
| | CVE-2017-7865 | FFmpeg before 2017-01-24 has an out-of-bounds write caused by a ... | jessie |
| | CVE-2017-7866 | FFmpeg before 2017-01-23 has an out-of-bounds write caused by a ... | jessie |
| | CVE-2017-9993 | FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, ... | jessie |
| | CVE-2017-9994 | libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x ... | jessie |
| | CVE-2018-10001 | The decode_init function in libavcodec/utvideodec.c in FFmpeg through ... | jessie |
| | CVE-2018-13300 | In FFmpeg 4.0.1, an improper argument (AVCodecParameters) passed to the ... | jessie |
| | CVE-2018-13301 | In FFmpeg 4.0.1, due to a missing check of a profile value before ... | jessie |
| | CVE-2018-13302 | In FFmpeg 4.0.1, improper handling of frame types (other than ... | jessie |
| | CVE-2018-13303 | In FFmpeg 4.0.1, a missing check for failure of a call to ... | jessie |
| | CVE-2018-13304 | In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency ... | jessie |
| | CVE-2018-13305 | In FFmpeg 4.0.1, due to a missing check for negative values of the ... | jessie |
| | CVE-2018-14394 | libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a ... | jessie |
| | CVE-2018-14395 | libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a ... | jessie |
| | CVE-2018-1999010 | FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains ... | jessie |
| | CVE-2018-1999011 | FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains ... | jessie |
| | CVE-2018-1999012 | FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains ... | jessie |
| | CVE-2018-1999013 | FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains ... | jessie |
| | CVE-2018-1999014 | FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains ... | jessie |
| | CVE-2018-1999015 | FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains ... | jessie |
| | CVE-2018-6392 | The filter_slice function in libavfilter/vf_transpose.c in FFmpeg ... | jessie |
| | CVE-2018-6621 | The decode_frame function in libavcodec/utvideodec.c in FFmpeg through ... | jessie |
| | CVE-2018-6912 | The decode_plane function in libavcodec/utvideodec.c in FFmpeg through ... | jessie |
| libesedb | CVE-2018-15158 | ** DISPUTED ** The libesedb_page_read_values function in ... | buster, sid, stretch |
| | CVE-2018-15159 | ** DISPUTED ** The libesedb_page_read_tags function in libesedb_page.c ... | buster, sid, stretch |
| | CVE-2018-15160 | ** DISPUTED ** The libesedb_catalog_definition_read function in ... | buster, sid, stretch |
| | CVE-2018-15161 | ** DISPUTED ** The libesedb_key_append_data function in libesedb_key.c ... | buster, sid, stretch |
| libgig | CVE-2018-14449 | An issue was discovered in libgig 4.1.0. There is an out of bounds read ... | buster, jessie, sid, stretch |
| | CVE-2018-14450 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds read ... | buster, jessie, sid, stretch |
| | CVE-2018-14451 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer ... | buster, jessie, sid, stretch |
| | CVE-2018-14452 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds read ... | buster, jessie, sid, stretch |
| | CVE-2018-14453 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer ... | buster, jessie, sid, stretch |
| | CVE-2018-14454 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds read ... | buster, jessie, sid, stretch |
| | CVE-2018-14455 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds ... | buster, jessie, sid, stretch |
| | CVE-2018-14456 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds ... | buster, jessie, sid, stretch |
| | CVE-2018-14457 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds ... | buster, jessie, sid, stretch |
| | CVE-2018-14458 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer ... | buster, jessie, sid, stretch |
| | CVE-2018-14459 | An issue was discovered in libgig 4.1.0. There is an out-of-bounds ... | buster, jessie, sid, stretch |
| | CVE-2018-18192 | An issue was discovered in libgig 4.1.0. There is a NULL pointer ... | buster, jessie, sid, stretch |
| | CVE-2018-18193 | An issue was discovered in libgig 4.1.0. There is operator new[] ... | buster, jessie, sid, stretch |
| | CVE-2018-18194 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer ... | buster, jessie, sid, stretch |
| | CVE-2018-18195 | An issue discovered in libgig 4.1.0. There is an FPE (divide-by-zero ... | buster, jessie, sid, stretch |
| | CVE-2018-18196 | An issue was discovered in libgig 4.1.0. There is a heap-based buffer ... | buster, jessie, sid, stretch |
| | CVE-2018-18197 | An issue was discovered in libgig 4.1.0. There is an operator new[] ... | buster, jessie, sid, stretch |
| libxslt | CVE-2016-4607 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch |
| | CVE-2016-4608 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch |
| | CVE-2016-4609 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch |
| | CVE-2016-4610 | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ... | buster, jessie, sid, stretch |
| | CVE-2017-2477 | An issue was discovered in certain Apple products. macOS before ... | buster, jessie, sid, stretch |
| linux | CVE-2018-17977 | The Linux kernel 4.14.67 mishandles certain interaction among XFRM ... | buster, jessie, sid, stretch |
| mariadb-10.0 | CVE-2017-15365 | sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ... | jessie, sid |
| mysql-connector-java | CVE-2018-3258 | Vulnerability in the MySQL Connectors component of Oracle MySQL ... | buster, jessie, sid, stretch |
| netpbm-free | CVE-2017-2579 | An out-of-bounds read vulnerability was found in netpbm before 10.61. ... | buster, jessie, sid, stretch |
| | CVE-2017-2580 | An out-of-bounds write vulnerability was found in netpbm before 10.61. ... | buster, jessie, sid, stretch |
| | CVE-2017-2581 | An out-of-bounds write vulnerability was found in netpbm before 10.61. ... | buster, jessie, sid, stretch |
| open-build-service | CVE-2018-12466 | openSUSE openbuildservice before 9.2.4 allowed authenticated users to ... | sid, stretch |
| | CVE-2018-12467 | Authorized users of the openbuildservice before 2.9.4 could delete ... | sid, stretch |
| percona-xtrabackup | CVE-2017-15365 | sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ... | sid |
| resteasy3.0 | CVE-2016-6345 | RESTEasy allows remote authenticated users to obtain sensitive ... | sid |
| | CVE-2016-6346 | RESTEasy enables GZIPInterceptor, which allows remote attackers to ... | sid |
| | CVE-2016-6347 | Cross-site scripting (XSS) vulnerability in the default exception ... | sid |
| | CVE-2016-6348 | JacksonJsonpInterceptor in RESTEasy might allow remote attackers to ... | sid |
| undertow | CVE-2018-14642 | An information leak vulnerability was found in Undertow. If all ... | sid |
