Canonical Ubuntu Linux vulnerabilities

CVE-2018-16646 [MEDIUM] CWE-835 CVE-2018-16646: In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a cra In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack.

CVE-2018-16643 [MEDIUM] CWE-252 CVE-2018-16643: The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/ca The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via a crafted image file.

CVE-2018-16645 [MEDIUM] CWE-770 CVE-2018-16645: There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and Read There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file.

CVE-2018-16642 [MEDIUM] CWE-787 CVE-2018-16642: The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a de The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write.

CVE-2018-16640 [MEDIUM] CWE-772 CVE-2018-16640: ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c. ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c.

CVE-2018-0502 [CRITICAL] CWE-20 CVE-2018-0502: An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potenti An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line.

CVE-2018-14618 [CRITICAL] CVE-2018-14618: curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The in curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate outpu

CVE-2018-13259 [CRITICAL] CWE-20 CVE-2018-13259: An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, pot An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.

CVE-2018-16513 [HIGH] CWE-704 CVE-2018-16513: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a ty In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the setcolor function to crash the interpreter or possibly have unspecified other impact.

CVE-2018-16511 [HIGH] CWE-704 CVE-2018-16511: An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be use An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in "ztype" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.

CVE-2018-16540 [HIGH] CWE-416 CVE-2018-16540: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.

CVE-2018-16509 [HIGH] CWE-184 CVE-2018-16509: An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" che An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.

CVE-2018-16510 [HIGH] CWE-119 CVE-2018-16510: An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS An issue was discovered in Artifex Ghostscript before 9.24. Incorrect exec stack handling in the "CS" and "SC" PDF primitives could be used by remote attackers able to supply crafted PDFs to crash the interpreter or possibly have unspecified other impact.

CVE-2018-16543 [HIGH] CVE-2018-16543: In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an u In Artifex Ghostscript before 9.24, gssetresolution and gsgetresolution allow attackers to have an unspecified impact.

CVE-2018-16542 [MEDIUM] CWE-787 CVE-2018-16542: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insu In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.

CVE-2018-16541 [MEDIUM] CWE-416 CVE-2018-16541: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use inco In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.

CVE-2018-16539 [MEDIUM] CWE-200 CVE-2018-16539: In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use inco In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.

CVE-2018-16428 [CRITICAL] CWE-476 CVE-2018-16428: In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference.

CVE-2018-16429 [HIGH] CWE-125 CVE-2018-16429: GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmark GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().

CVE-2018-6555 [HIGH] CWE-416 CVE-2018-6555: The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c i The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket.