Canonical Ubuntu Linux vulnerabilities

CVE-2017-16909 [HIGH] CWE-119 CVE-2017-16909: An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw version An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.

CVE-2018-5807 [HIGH] CWE-125 CVE-2018-5807: An error within the "samsung_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions pri An error within the "samsung_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

CVE-2018-19931 [HIGH] CWE-787 CVE-2018-19931: An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted.

CVE-2018-9518 [HIGH] CWE-787 CVE-2018-9518: In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a mis In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945.

CVE-2018-5810 [HIGH] CWE-787 CVE-2018-5810: An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prio An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

CVE-2018-5801 [MEDIUM] CWE-476 CVE-2018-5801: An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.1 An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.

CVE-2017-16910 [MEDIUM] CWE-125 CVE-2017-16910: An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw ve An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition.

CVE-2018-5813 [MEDIUM] CWE-835 CVE-2018-5813: An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 c An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.

CVE-2018-5800 [MEDIUM] CWE-193 CVE-2018-5800: An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

CVE-2018-5811 [MEDIUM] CWE-125 CVE-2018-5811: An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versi An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.

CVE-2018-5812 [MEDIUM] CWE-476 CVE-2018-5812: An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versi An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference.

CVE-2018-5816 [MEDIUM] CVE-2018-5816: An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw ver An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via specially crafted NOKIARAW file (Note: This vulnerability is caused due to an incomplete fix of CVE-2018-5804).

CVE-2018-5815 [MEDIUM] CWE-190 CVE-2018-5815: An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw ver An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file.

CVE-2018-9568 [HIGH] CWE-704 CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.

CVE-2018-18312 [CRITICAL] CWE-119 CVE-2018-18312: Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression t Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-19840 [MEDIUM] CWE-835 CVE-2018-19840: The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attacke The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero.

CVE-2018-19854 [MEDIUM] CVE-2018-19854: An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability becaus

CVE-2018-19841 [MEDIUM] CWE-125 CVE-2018-19841: The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allow The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack.

CVE-2018-19788 [HIGH] CWE-20 CVE-2018-19788: A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.

CVE-2018-19824 [HIGH] CWE-416 CVE-2018-19824: In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver b In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.