@dtrudg
Last active November 5, 2017 18:52
Singularity Container Scan with Clair
# Put the singularity image into a .tar.gz
singularity export ubuntu-blender.img > ubuntu-blender.tar
gzip ubuntu-blender.tar
# Get the SHA256 hash, which we'll use as a container name for Clair
sha256sum ubuntu-blender.tar.gz
# NOW - you need to upload the .tar.gz somewhere accessible over http from
# the Clair backend - it will pull it from there. I've used our BioHPC owncloud
# instance, so the image is available via an https URI.
# Start the Clair backend db (ready populated thanks to arminc)
# https://github.com/arminc/clair-local-scan
docker run -d --name db arminc/clair-db:2017-08-21
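# Start the Clair server. The API is served over plain HTTP without authentication
# and -p 6060:6060 publishes it on every host interface, so run this on a host
# whose port 6060 is not reachable from untrusted networks.
docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.0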
# Tell Clair to pull our singularity image, as a parentless docker layer
curl --data '{ "Layer": { "Name": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b", "Path": "https://cloud.biohpc.swmed.edu/index.php/s/m2EpOxV4rDsRdSd/download", "Format": "Docker" }}' --request "POST" "http://localhost:6060/v1/layers"
# Get the vulnerabilities for our layer
curl --request "GET" "http://localhost:6060/v1/layers/5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b?vulnerabilities" | python -m json.tool
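As an added example (not part of the original gist), this Python script triages the JSON returned by the vulnerabilities request above: it counts findings per severity, lists packages that have a published fix (`FixedBy`), and flags CVEs the distribution rates Low or below although NVD scores them at 7.0 or higher. The function names, the 7.0 threshold and the embedded sample (a few entries trimmed from this page's output) are assumptions of the example.

```python
import json
from collections import Counter

# Clair's severity scale, lowest to highest.
SEVERITY_ORDER = ["Unknown", "Negligible", "Low", "Medium", "High", "Critical", "Defcon1"]

# Constructed sample: four features trimmed from the output shown on this page.
SAMPLE = """
{"Layer": {"Features": [
  {"Name": "xml-core", "Version": "0.13+nmu2"},
  {"Name": "graphite2", "Version": "1.3.6-1ubuntu1", "Vulnerabilities": [
    {"Name": "CVE-2017-7777", "Severity": "Medium", "FixedBy": "1.3.10-0ubuntu0.16.04.1"},
    {"Name": "CVE-2017-7778", "Severity": "Medium", "FixedBy": "1.3.10-0ubuntu0.16.04.1"}]},
  {"Name": "shadow", "Version": "1:4.2-3.1ubuntu5.3", "Vulnerabilities": [
    {"Name": "CVE-2017-12424", "Severity": "Low",
     "Metadata": {"NVD": {"CVSSv2": {"Score": 7.5, "Vectors": "AV:N/AC:L/Au:N/C:P/I:P"}}}},
    {"Name": "CVE-2013-4235", "Severity": "Low"}]},
  {"Name": "dpkg", "Version": "1.18.4ubuntu1.2", "Vulnerabilities": [
    {"Name": "CVE-2017-8283", "Severity": "Negligible",
     "Metadata": {"NVD": {"CVSSv2": {"Score": 7.5, "Vectors": "AV:N/AC:L/Au:N/C:P/I:P"}}}}]}
]}}
"""


def load_sample():
    """Parse the constructed sample above."""
    return json.loads(SAMPLE)


def _rank(severity):
    """Position on Clair's scale; unrecognised labels sort with Unknown."""
    return SEVERITY_ORDER.index(severity) if severity in SEVERITY_ORDER else 0


def iter_findings(report):
    """Yield one flat record per (package, CVE) pair in a Clair v1 layer report."""
    if not isinstance(report, dict) or "Layer" not in report:
        # An error body or unrelated JSON must not be mistaken for a clean scan.
        raise ValueError("response has no 'Layer' object")
    for feature in report["Layer"].get("Features") or []:
        # Features with no known CVEs simply lack the "Vulnerabilities" key.
        for vuln in feature.get("Vulnerabilities") or []:
            nvd = (vuln.get("Metadata") or {}).get("NVD") or {}
            yield {
                "package": feature.get("Name"),
                "installed": feature.get("Version"),
                "cve": vuln.get("Name"),
                "severity": vuln.get("Severity", "Unknown"),
                "fixed_by": vuln.get("FixedBy"),  # None: no fixed version listed
                "cvss2": (nvd.get("CVSSv2") or {}).get("Score"),
            }


def triage(report, cvss_floor=7.0):
    """Summarise a report: severity counts, available upgrades, open items."""
    findings = sorted(iter_findings(report),
                      key=lambda f: (-_rank(f["severity"]), f["cve"] or ""))
    upgrades = {}
    for f in findings:
        if f["fixed_by"]:
            upgrades.setdefault(f["package"], set()).add(f["fixed_by"])
    low = _rank("Low")
    return {
        "by_severity": dict(Counter(f["severity"] for f in findings)),
        # Packages where upgrading to a listed version clears at least one CVE.
        "upgrades": {pkg: sorted(versions) for pkg, versions in upgrades.items()},
        # CVEs with no fixed version listed: candidates for removal or mitigation.
        "unfixed": [f["cve"] for f in findings if not f["fixed_by"]],
        # Distribution says Low or below, NVD CVSSv2 says cvss_floor or higher.
        "underrated": [(f["package"], f["cve"], f["cvss2"]) for f in findings
                       if f["cvss2"] is not None and f["cvss2"] >= cvss_floor
                       and _rank(f["severity"]) <= low],
    }


if __name__ == "__main__":
    summary = triage(load_sample())
    for section, value in summary.items():
        print(section, "->", value)
```

To run it on a real scan, save the GET response to a file and pass `json.load(open(path))` to `triage()` instead of the sample.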
# Here's the example output of the vulnerabilities request for our layer
{
"Layer": {
"Features": [
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "xml-core",
"NamespaceName": "ubuntu:16.04",
"Version": "0.13+nmu2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "gmp",
"NamespaceName": "ubuntu:16.04",
"Version": "2:6.1.0+dfsg-2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "giflib",
"NamespaceName": "ubuntu:16.04",
"Version": "5.1.4-0.3~16.04",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libdc1394-22",
"NamespaceName": "ubuntu:16.04",
"Version": "2.2.4-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "flite",
"NamespaceName": "ubuntu:16.04",
"Version": "2.0.0-release-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "graphite2",
"NamespaceName": "ubuntu:16.04",
"Version": "1.3.6-1ubuntu1",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "Graphite2 use of uninitialized memory [@ graphite2::GlyphCache::Loader:: read_glyph]",
"FixedBy": "1.3.10-0ubuntu0.16.04.1",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7777",
"Name": "CVE-2017-7777",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Graphite2 lz4::decompress out of bounds write",
"FixedBy": "1.3.10-0ubuntu0.16.04.1",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7778",
"Name": "CVE-2017-7778",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Graphite2 heap-buffer-overflow read [@ graphite2::Silf::getClassGlyph]",
"FixedBy": "1.3.10-0ubuntu0.16.04.1",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7776",
"Name": "CVE-2017-7776",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Graphite2 out of bounds read [@ graphite2::Pass::readPass]",
"FixedBy": "1.3.10-0ubuntu0.16.04.1",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7771",
"Name": "CVE-2017-7771",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Graphite2 heap-buffer-overflow write [@ lz4::decompress] src/Decompressor",
"FixedBy": "1.3.10-0ubuntu0.16.04.1",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7773",
"Name": "CVE-2017-7773",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Graphite2 Assertion 'size() > n' failed",
"FixedBy": "1.3.10-0ubuntu0.16.04.1",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7775",
"Name": "CVE-2017-7775",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Graphite2 heap-buffer-overflow write [@ lz4::decompress]",
"FixedBy": "1.3.10-0ubuntu0.16.04.1",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7772",
"Name": "CVE-2017-7772",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Graphite2 out of bounds read [@ graphite2::Silf::readGraphite]",
"FixedBy": "1.3.10-0ubuntu0.16.04.1",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7774",
"Name": "CVE-2017-7774",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "virtualgl",
"NamespaceName": "ubuntu:16.04",
"Version": "2.5.2-20170302",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "shine",
"NamespaceName": "ubuntu:16.04",
"Version": "3.1.0-4",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "lapack",
"NamespaceName": "ubuntu:16.04",
"Version": "3.6.0-2ubuntu2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libwebp",
"NamespaceName": "ubuntu:16.04",
"Version": "0.4.4-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "numactl",
"NamespaceName": "ubuntu:16.04",
"Version": "2.0.11-1ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "insserv",
"NamespaceName": "ubuntu:16.04",
"Version": "1.14.0-5ubuntu3",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "shadow",
"NamespaceName": "ubuntu:16.04",
"Version": "1:4.2-3.1ubuntu5.3",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12424",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-12424",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "TOCTOU race conditions by copying and removing directory trees",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-4235",
"Name": "CVE-2013-4235",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "llvm-toolchain-3.8",
"NamespaceName": "ubuntu:16.04",
"Version": "1:3.8-2ubuntu4",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libxau",
"NamespaceName": "ubuntu:16.04",
"Version": "1:1.0.8-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "dpkg",
"NamespaceName": "ubuntu:16.04",
"Version": "1.18.4ubuntu1.2",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8283",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-8283",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "software-properties",
"NamespaceName": "ubuntu:16.04",
"Version": "0.96.20.7",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "grep",
"NamespaceName": "ubuntu:16.04",
"Version": "2.25-1~16.04.1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "diffutils",
"NamespaceName": "ubuntu:16.04",
"Version": "1:3.3-3",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "krb5",
"NamespaceName": "ubuntu:16.04",
"Version": "1.13.2+dfsg-5ubuntu2",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-3120",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4,
"Vectors": "AV:N/AC:L/Au:S/C:N/I:N"
}
}
},
"Name": "CVE-2016-3120",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8631",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:L/Au:S/C:N/I:N"
}
}
},
"Name": "CVE-2015-8631",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8629",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 2.1,
"Vectors": "AV:N/AC:H/Au:S/C:P/I:N"
}
}
},
"Name": "CVE-2015-8629",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11368",
"Name": "CVE-2017-11368",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-3119",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 3.5,
"Vectors": "AV:N/AC:M/Au:S/C:N/I:N"
}
}
},
"Name": "CVE-2016-3119",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8630",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2015-8630",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "xorg",
"NamespaceName": "ubuntu:16.04",
"Version": "1:7.7+13ubuntu3",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "ML-Date: 2012-02-28 17:01:19, ML-Subject: Re: [oss-security] CVE request: init script x11-common creates directories in insecure manners",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2012-1093",
"Name": "CVE-2012-1093",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "gdk-pixbuf",
"NamespaceName": "ubuntu:16.04",
"Version": "2.32.2-1ubuntu1.2",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6313",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-6313",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6312",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-6312",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6311",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-6311",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6314",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-6314",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libva",
"NamespaceName": "ubuntu:16.04",
"Version": "1.7.0-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libxml2",
"NamespaceName": "ubuntu:16.04",
"Version": "2.9.3+dfsg1-1ubuntu0.2",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8872",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.4,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:N"
}
}
},
"Name": "CVE-2017-8872",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-4616, and CVE-2016-4619.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4615",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-4615",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9049",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-9049",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Incorrect limit used for port values",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7376",
"Name": "CVE-2017-7376",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the \"libxml2\" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted XML file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7013",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-7013",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-4615, and CVE-2016-4619.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4616",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-4616",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-0663",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-0663",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"libxml2\" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted XML file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7010",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-7010",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\"",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5969",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 2.6,
"Vectors": "AV:N/AC:H/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-5969",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9050",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-9050",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9318",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-9318",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "Missing validation for external entities in xmlParsePEReference",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7375",
"Name": "CVE-2017-7375",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9048",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-9048",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4615, CVE-2016-4616, and CVE-2016-4619.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4614",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-4614",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9047",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-9047",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libxshmfence",
"NamespaceName": "ubuntu:16.04",
"Version": "1.2-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "pulseaudio",
"NamespaceName": "ubuntu:16.04",
"Version": "1:8.0-0ubuntu3.2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libaacs",
"NamespaceName": "ubuntu:16.04",
"Version": "0.8.1-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "readline6",
"NamespaceName": "ubuntu:16.04",
"Version": "6.3-8ubuntu2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "xvidcore",
"NamespaceName": "ubuntu:16.04",
"Version": "2:1.3.4-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "bzip2",
"NamespaceName": "ubuntu:16.04",
"Version": "1.0.6-8",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-3189",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-3189",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "opencolorio",
"NamespaceName": "ubuntu:16.04",
"Version": "1.0.9~dfsg0-4",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "shared-mime-info",
"NamespaceName": "ubuntu:16.04",
"Version": "1.5-2ubuntu0.1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "game-music-emu",
"NamespaceName": "ubuntu:16.04",
"Version": "0.6.0-3ubuntu0.16.04.1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libxmu",
"NamespaceName": "ubuntu:16.04",
"Version": "2:1.1.2-2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "openssl",
"NamespaceName": "ubuntu:16.04",
"Version": "1.0.2g-1ubuntu4.8",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libraw",
"NamespaceName": "ubuntu:16.04",
"Version": "0.17.1-1",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "A boundary error within the \"parse_tiff_ifd()\" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to \"DSLR-A100\" and containing multiple sequences of 0x100 and 0x14A TAGs.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6887",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-6887",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "An error within the \"parse_tiff_ifd()\" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to corrupt memory.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6886",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-6886",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "heimdal",
"NamespaceName": "ubuntu:16.04",
"Version": "1.7~git20150920+dfsg-4ubuntu1",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "The previous hop realm is inadvertently not added to the transit path of issued tickets. This may, in some cases, enable bypass of capath policy in Heimdal versions 1.5 through 7.2.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6594",
"Name": "CVE-2017-6594",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated.",
"FixedBy": "1.7~git20150920+dfsg-4ubuntu1.16.04.1",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11103",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-11103",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "json-c",
"NamespaceName": "ubuntu:16.04",
"Version": "0.11-4ubuntu2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libxdamage",
"NamespaceName": "ubuntu:16.04",
"Version": "1:1.1.4-2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "gccgo-6",
"NamespaceName": "ubuntu:16.04",
"Version": "6.0.1-0ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "bash",
"NamespaceName": "ubuntu:16.04",
"Version": "4.3-14ubuntu1.2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "adduser",
"NamespaceName": "ubuntu:16.04",
"Version": "3.113+nmu3ubuntu4",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "curl",
"NamespaceName": "ubuntu:16.04",
"Version": "7.47.0-1ubuntu2.2",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "libcurl's implementation of the printf() functions triggers a buffer overflow when doing a large floating point output. The bug occurs when the conversion outputs more than 255 bytes. This flaw does not exist in the command line tool.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9586",
"Name": "CVE-2016-9586",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "IDNA 2003 makes curl use wrong host",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-8625",
"Name": "CVE-2016-8625",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "TFTP sends more than buffer size (information leak)",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000100",
"Name": "CVE-2017-1000100",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "URL globbing out of bounds read",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000101",
"Name": "CVE-2017-1000101",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7407",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 2.1,
"Vectors": "AV:L/AC:L/Au:N/C:P/I:N"
}
}
},
"Name": "CVE-2017-7407",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "findutils",
"NamespaceName": "ubuntu:16.04",
"Version": "4.6.0+git+20160126-2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "tcp-wrappers",
"NamespaceName": "ubuntu:16.04",
"Version": "7.6.q-25",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libx11",
"NamespaceName": "ubuntu:16.04",
"Version": "2:1.6.3-1ubuntu2",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "The XGetImage function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving image type and geometry, which triggers out-of-bounds read operations.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7942",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-7942",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "The XListFonts function in X.org libX11 before 1.6.4 might allow remote X servers to gain privileges via vectors involving length fields, which trigger out-of-bounds write operations.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7943",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-7943",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "p11-kit",
"NamespaceName": "ubuntu:16.04",
"Version": "0.23.2-5~ubuntu16.04.1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "openjpeg",
"NamespaceName": "ubuntu:16.04",
"Version": "1:1.5.2-3.1",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF document.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-1273",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2015-1273",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9675",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-9675",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-5139",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-5139",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, pi.c, t1.c, t2.c, and tcd.c.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7947",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2014-7947",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote attackers to have unspecified impact via unknown vectors to (1) lib/openjp3d/opj_jp3d_compress.c, (2) bin/jp3d/convert.c, or (3) lib/openjp3d/event.c.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-4290",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 10,
"Vectors": "AV:N/AC:L/Au:N/C:C/I:C"
}
}
},
"Name": "CVE-2013-4290",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to have unspecified impact and vectors, which trigger a heap-based buffer overflow.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-4289",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 10,
"Vectors": "AV:N/AC:L/Au:N/C:C/I:C"
}
}
},
"Name": "CVE-2013-4289",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-5159",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-5159",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7163",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-7163",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, and t2.c.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7945",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2014-7945",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-5158",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-5158",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libsm",
"NamespaceName": "ubuntu:16.04",
"Version": "2:1.2.2-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "crystalhd",
"NamespaceName": "ubuntu:16.04",
"Version": "1:0.0~git20110715.fdd2f19-11build1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libjpeg-turbo",
"NamespaceName": "ubuntu:16.04",
"Version": "1.4.2-0ubuntu3",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9614",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-9614",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "tinyxml",
"NamespaceName": "ubuntu:16.04",
"Version": "2.6.2-3",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "kmod",
"NamespaceName": "ubuntu:16.04",
"Version": "22-1ubuntu4",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libseccomp",
"NamespaceName": "ubuntu:16.04",
"Version": "2.2.3-3ubuntu3",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "lsb",
"NamespaceName": "ubuntu:16.04",
"Version": "9.20160110ubuntu0.2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "cron",
"NamespaceName": "ubuntu:16.04",
"Version": "3.0pl1-128ubuntu2",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9525",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.9,
"Vectors": "AV:L/AC:M/Au:N/C:C/I:C"
}
}
},
"Name": "CVE-2017-9525",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "fftw3",
"NamespaceName": "ubuntu:16.04",
"Version": "3.3.4-2ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libgpg-error",
"NamespaceName": "ubuntu:16.04",
"Version": "1.21-2ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libxt",
"NamespaceName": "ubuntu:16.04",
"Version": "1:1.1.5-0ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libvpx",
"NamespaceName": "ubuntu:16.04",
"Version": "1.5.0-2ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libiec61883",
"NamespaceName": "ubuntu:16.04",
"Version": "1.2.0-0.2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libdrm",
"NamespaceName": "ubuntu:16.04",
"Version": "2.4.70-1~ubuntu16.04.1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "opensubdiv",
"NamespaceName": "ubuntu:16.04",
"Version": "3.1.1-0thomas~xenial1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "init-system-helpers",
"NamespaceName": "ubuntu:16.04",
"Version": "1.29ubuntu4",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "gcc-5",
"NamespaceName": "ubuntu:16.04",
"Version": "5.4.0-6ubuntu1~16.04.4",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "coreutils",
"NamespaceName": "ubuntu:16.04",
"Version": "8.25-2ubuntu2",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 2.1,
"Vectors": "AV:L/AC:L/Au:N/C:N/I:P"
}
}
},
"Name": "CVE-2016-2781",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "vdpau-video",
"NamespaceName": "ubuntu:16.04",
"Version": "0.7.4-5",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libsndfile",
"NamespaceName": "ubuntu:16.04",
"Version": "1.0.25-10ubuntu0.16.04.1",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "In libsndfile version 1.0.28, an error in the \"aiff_read_chanmap()\" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6892",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-6892",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12562",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-12562",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "intel-vaapi-driver",
"NamespaceName": "ubuntu:16.04",
"Version": "1.7.0-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "harfbuzz",
"NamespaceName": "ubuntu:16.04",
"Version": "1.0.1-1ubuntu0.1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "python-apt",
"NamespaceName": "ubuntu:16.04",
"Version": "1.1.0~beta1build1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libsepol",
"NamespaceName": "ubuntu:16.04",
"Version": "2.4-2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "glib2.0",
"NamespaceName": "ubuntu:16.04",
"Version": "2.48.2-0ubuntu1",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2012-0039",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2012-0039",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "ubuntu-keyring",
"NamespaceName": "ubuntu:16.04",
"Version": "2012.05.19",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "mawk",
"NamespaceName": "ubuntu:16.04",
"Version": "1.3.3-17ubuntu2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libbdplus",
"NamespaceName": "ubuntu:16.04",
"Version": "0.1.2-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libasyncns",
"NamespaceName": "ubuntu:16.04",
"Version": "0.8-5build1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libmodplug",
"NamespaceName": "ubuntu:16.04",
"Version": "1:0.8.8.5-2",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "Integer overflow in the abc_set_parts function in load_abc.cpp in libmodplug 0.8.8.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted P header in an ABC file, which triggers a heap-based buffer overflow.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-4233",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2013-4233",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in load_abc.cpp in libmodplug 0.8.8.4 and earlier allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted ABC.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-4234",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2013-4234",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "jemalloc",
"NamespaceName": "ubuntu:16.04",
"Version": "3.6.0-9ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "expat",
"NamespaceName": "ubuntu:16.04",
"Version": "2.1.0-7ubuntu0.16.04.2",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.",
"FixedBy": "2.1.0-7ubuntu0.16.04.3",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9233",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-9233",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "dash",
"NamespaceName": "ubuntu:16.04",
"Version": "0.5.8-2.1ubuntu2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "glibc",
"NamespaceName": "ubuntu:16.04",
"Version": "2.23-0ubuntu9",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12132",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:P"
}
}
},
"Name": "CVE-2017-12132",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-5180",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2015-5180",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8804",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.8,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-8804",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8985",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2015-8985",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10228",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-10228",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libssh",
"NamespaceName": "ubuntu:16.04",
"Version": "0.6.3-4.3",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "sensible-utils",
"NamespaceName": "ubuntu:16.04",
"Version": "0.0.9",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "pam",
"NamespaceName": "ubuntu:16.04",
"Version": "1.1.8-3.2ubuntu2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libxcursor",
"NamespaceName": "ubuntu:16.04",
"Version": "1:1.1.14-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "opus",
"NamespaceName": "ubuntu:16.04",
"Version": "1.1.2-1ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "dbus-glib",
"NamespaceName": "ubuntu:16.04",
"Version": "0.106-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "makedev",
"NamespaceName": "ubuntu:16.04",
"Version": "2.3.1-93ubuntu2~ubuntu16.04.1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "speex",
"NamespaceName": "ubuntu:16.04",
"Version": "1.2~rc1.2-1ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "cairo",
"NamespaceName": "ubuntu:16.04",
"Version": "1.14.6-1",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9082",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-9082",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7475",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-7475",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9814",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-9814",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "file",
"NamespaceName": "ubuntu:16.04",
"Version": "1:5.25-2ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "pangox-compat",
"NamespaceName": "ubuntu:16.04",
"Version": "0.0.2-5",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libgsm",
"NamespaceName": "ubuntu:16.04",
"Version": "1.0.13-4",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libraw1394",
"NamespaceName": "ubuntu:16.04",
"Version": "2.1.1-2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libglu",
"NamespaceName": "ubuntu:16.04",
"Version": "9.0.0-2.1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libselinux",
"NamespaceName": "ubuntu:16.04",
"Version": "2.4-3build2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "gnutls28",
"NamespaceName": "ubuntu:16.04",
"Version": "3.4.10-4ubuntu1.3",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "lame",
"NamespaceName": "ubuntu:16.04",
"Version": "3.99.5+repack1-9build1",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9412",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-9412",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "The fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9410",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-9410",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "The fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9411",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-9411",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11720",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-11720",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "zeromq3",
"NamespaceName": "ubuntu:16.04",
"Version": "4.1.4-7",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "flac",
"NamespaceName": "ubuntu:16.04",
"Version": "1.3.1-4",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "procps",
"NamespaceName": "ubuntu:16.04",
"Version": "2:3.3.10-4ubuntu2.3",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "x264",
"NamespaceName": "ubuntu:16.04",
"Version": "2:0.148.2643+git5c65704-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libffi",
"NamespaceName": "ubuntu:16.04",
"Version": "3.2.1-4",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libsdl1.2",
"NamespaceName": "ubuntu:16.04",
"Version": "1.2.15+dfsg1-3",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "apparmor",
"NamespaceName": "ubuntu:16.04",
"Version": "2.10.95-0ubuntu2.6",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "mount rules grant excessive permissions",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-1585",
"Name": "CVE-2016-1585",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libcap-ng",
"NamespaceName": "ubuntu:16.04",
"Version": "0.7.7-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libsodium",
"NamespaceName": "ubuntu:16.04",
"Version": "1.0.8-5",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "v4l-utils",
"NamespaceName": "ubuntu:16.04",
"Version": "1.10.0-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libxinerama",
"NamespaceName": "ubuntu:16.04",
"Version": "2:1.1.3-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libsoxr",
"NamespaceName": "ubuntu:16.04",
"Version": "0.1.2-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "mpdecimal",
"NamespaceName": "ubuntu:16.04",
"Version": "2.4.2-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "e2fsprogs",
"NamespaceName": "ubuntu:16.04",
"Version": "1.42.13-1ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libxdmcp",
"NamespaceName": "ubuntu:16.04",
"Version": "1:1.1.2-1.1",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "Weak entropy usage for session keys in libxdm",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2625",
"Name": "CVE-2017-2625",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libdatrie",
"NamespaceName": "ubuntu:16.04",
"Version": "0.2.10-2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libxrender",
"NamespaceName": "ubuntu:16.04",
"Version": "1:0.9.9-0ubuntu1",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "The XRenderQueryFilters function in X.org libXrender before 0.9.10 allows remote X servers to trigger out-of-bounds write operations via vectors involving filter name lengths.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7950",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-7950",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7949",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-7949",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "yaml-cpp0.3",
"NamespaceName": "ubuntu:16.04",
"Version": "0.3.0-1.2",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "The function \"Token& Scanner::peek\" in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service (assertion failure and application exit) via a '!2' string.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11692",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-11692",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "blender",
"NamespaceName": "ubuntu:16.04",
"Version": "2.78c~1487946787-0thomas~xenial1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libxfixes",
"NamespaceName": "ubuntu:16.04",
"Version": "1:5.0.1-2",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7944",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-7944",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "hostname",
"NamespaceName": "ubuntu:16.04",
"Version": "3.16ubuntu2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libcaca",
"NamespaceName": "ubuntu:16.04",
"Version": "0.99.beta19-2build2~gcc5.2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "opencv",
"NamespaceName": "ubuntu:16.04",
"Version": "2.4.9.1+dfsg-1.5ubuntu1",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-1516",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-1516",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "OpenCV 3.0.0 allows remote attackers to cause a denial of service (segfault) via vectors involving corrupt chunks.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-1517",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-1517",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "cups",
"NamespaceName": "ubuntu:16.04",
"Version": "2.1.3-4",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "dbus-python",
"NamespaceName": "ubuntu:16.04",
"Version": "1.2.0-3",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libcdio",
"NamespaceName": "ubuntu:16.04",
"Version": "0.83-4.2ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "elfutils",
"NamespaceName": "ubuntu:16.04",
"Version": "0.165-3ubuntu1",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10255",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-10255",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10254",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-10254",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7611",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-7611",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7613",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-7613",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7612",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-7612",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7610",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-7610",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "elf_compress.c in elfutils 0.168 does not validate the zlib compression factor, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7609",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-7609",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "The ebl_object_note_type_name function in eblobjnotetypename.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7608",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-7608",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7607",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-7607",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "pycurl",
"NamespaceName": "ubuntu:16.04",
"Version": "7.43.0-1ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libxcomposite",
"NamespaceName": "ubuntu:16.04",
"Version": "1:0.4.4-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "jasper",
"NamespaceName": "ubuntu:16.04",
"Version": "1.900.1-debian1-2.4ubuntu1.1",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "The jas_malloc function in libjasper/base/jas_malloc.c in JasPer before 1.900.11 allows remote attackers to have unspecified impact via a crafted file, which triggers a memory allocation failure.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-8886",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-8886",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9398",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-9398",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-8883",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-8883",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9397",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-9397",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5504",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-5504",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9399",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-9399",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6852",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-6852",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5505",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-5505",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9393",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-9393",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-8884",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-8884",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Null Pointer Dereference due to missing check for UNKNOWN color space in JP2 encoder",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9600",
"Name": "CVE-2016-9600",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9392",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-9392",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5502",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-5502",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-8690",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-8690",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5500",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-5500",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5499",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-5499",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9389",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-9389",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5503",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-5503",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "JasPer 2.0.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the jp2_decode function in libjasper/jp2/jp2_dec.c.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9782",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-9782",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9387",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-9387",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9388",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-9388",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9394",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-9394",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9390",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-9390",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-8885",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-8885",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6850",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-6850",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-5203",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2015-5203",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5498",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-5498",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9395",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-9395",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9557",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-9557",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6851",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-6851",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-5221",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2015-5221",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10248",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-10248",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "The JPC_NOMINALGAIN function in jpc_t1cod.c in JasPer before 1.900.12 allows remote attackers to cause a denial of service (assertion failure) via unspecified vectors.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9396",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-9396",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (NULL pointer dereference).",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-8887",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-8887",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5501",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-5501",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9391",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-9391",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "python-numpy",
"NamespaceName": "ubuntu:16.04",
"Version": "1:1.11.0-1ubuntu1",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "Insecure temporary file use in __init__.py",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-1858",
"Name": "CVE-2014-1858",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "Insecure temporary file uses",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-1859",
"Name": "CVE-2014-1859",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "slang2",
"NamespaceName": "ubuntu:16.04",
"Version": "2.3.0-2ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "freetype",
"NamespaceName": "ubuntu:16.04",
"Version": "2.6.1-0.1ubuntu2.3",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "xdg-user-dirs",
"NamespaceName": "ubuntu:16.04",
"Version": "0.15-2ubuntu6",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "tiff",
"NamespaceName": "ubuntu:16.04",
"Version": "4.0.6-1ubuntu0.2",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "LibTIFF 4.0.7 has an \"outside the range of representable values of type short\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7599",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-7599",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-7313",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2015-7313",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (memory leak) via a crafted image.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7594",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-7594",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-5318",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-5318",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5563",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-5563",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in LibTIFF 4.0.6 and earlier allow remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the bytecounts[] array variable.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-3631",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-3631",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to \"WRITE of size 2048\" and libtiff/tif_next.c:64:9.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10272",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-10272",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A crafted input will lead to a remote denial of service attack.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-10688",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-10688",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-3625",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-3625",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-5319",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-5319",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "LibTIFF 4.0.7 has a \"shift exponent too large for 64-bit type long\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7601",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-7601",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "LibTIFF 4.0.7 has an \"outside the range of representable values of type float\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7596",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-7596",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7592",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-7592",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "The tagCompare function in tif_dirinfo.c in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to field_tag matching.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-3634",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-3634",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_ojpeg.c:816:8.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10267",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-10267",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read and buffer overflow) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 1\" and libtiff/tif_fax3.c:413:13.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10271",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-10271",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted TIFF file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10371",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-10371",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-3186",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-3186",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image, related to libtiff/tif_read.c:351:22.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10266",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-10266",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the \"-c lzw\" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-3621",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-3621",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the \"-c zip\" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-3620",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-3620",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "LibTIFF 4.0.7 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 512\" and libtiff/tif_unix.c:340:2.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10269",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-10269",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "tif_dirread.c in LibTIFF 4.0.7 has an \"outside the range of representable values of type float\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7597",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-7597",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11613",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-11613",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in tif_dir.c, which might allow remote attackers to cause a denial of service (crash) via a crafted TIFF file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9147",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-9147",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "LibTIFF 4.0.7 has an \"outside the range of representable values of type unsigned char\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7600",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-7600",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting in a remote denial of service attack.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9936",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-9936",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in LibTIFF 4.0.6 and earlier, when the \"-c none\" option is used, allows remote attackers to cause a denial of service (buffer over-read) via a crafted BMP image.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-3619",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-3619",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7598",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-7598",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 78490\" and libtiff/tif_unix.c:115:23.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10268",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-10268",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10095",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-10095",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-3633",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-3633",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7593",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:N"
}
}
},
"Name": "CVE-2017-7593",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7595",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-7595",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7602",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-7602",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9815",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-9815",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-5102",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-5102",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libpng",
"NamespaceName": "ubuntu:16.04",
"Version": "1.2.54-1ubuntu1",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10087",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-10087",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "lz4",
"NamespaceName": "ubuntu:16.04",
"Version": "0.0~r131-2ubuntu2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libbs2b",
"NamespaceName": "ubuntu:16.04",
"Version": "3.1.0+dfsg-2.2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "wavpack",
"NamespaceName": "ubuntu:16.04",
"Version": "4.75.2-2",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "The read_code function in read_words.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10169",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-10169",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10170",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-10170",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "The unreorder_channels function in cli/wvunpack.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10171",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-10171",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "The read_new_config_info function in open_utils.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10172",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-10172",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "twolame",
"NamespaceName": "ubuntu:16.04",
"Version": "0.3.13-1.2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libxrandr",
"NamespaceName": "ubuntu:16.04",
"Version": "2:1.5.0-1",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "X.org libXrandr before 1.5.1 allows remote X servers to trigger out-of-bounds write operations by leveraging mishandling of reply data.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7948",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-7948",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7947",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-7947",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "mesa",
"NamespaceName": "ubuntu:16.04",
"Version": "12.0.6-0ubuntu0.16.04.1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "unattended-upgrades",
"NamespaceName": "ubuntu:16.04",
"Version": "0.90ubuntu0.6",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "audit",
"NamespaceName": "ubuntu:16.04",
"Version": "1:2.4.5-1ubuntu2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "pango1.0",
"NamespaceName": "ubuntu:16.04",
"Version": "1.38.1-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libusb-1.0",
"NamespaceName": "ubuntu:16.04",
"Version": "2:1.0.20-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "snappy",
"NamespaceName": "ubuntu:16.04",
"Version": "1.1.3-2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libusb",
"NamespaceName": "ubuntu:16.04",
"Version": "2:0.1.12-28",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "mime-support",
"NamespaceName": "ubuntu:16.04",
"Version": "3.59ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "cdebconf",
"NamespaceName": "ubuntu:16.04",
"Version": "0.198ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libxext",
"NamespaceName": "ubuntu:16.04",
"Version": "2:1.3.3-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libtasn1-6",
"NamespaceName": "ubuntu:16.04",
"Version": "4.7-3ubuntu0.16.04.2",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-10790",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-10790",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "sysvinit",
"NamespaceName": "ubuntu:16.04",
"Version": "2.88dsf-59.3ubuntu2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "iso-codes",
"NamespaceName": "ubuntu:16.04",
"Version": "3.65-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libvorbis",
"NamespaceName": "ubuntu:16.04",
"Version": "1.3.5-3",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "The vorbis_block_clear function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ogg file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11735",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-11735",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11333",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-11333",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "ncurses",
"NamespaceName": "ubuntu:16.04",
"Version": "6.0+20160213-1ubuntu1",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11112",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-11112",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11113",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-11113",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-10684",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-10684",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-10685",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-10685",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libxv",
"NamespaceName": "ubuntu:16.04",
"Version": "2:1.0.10-1",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-5407",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-5407",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "avahi",
"NamespaceName": "ubuntu:16.04",
"Version": "0.6.32~rc+dfsg-1ubuntu2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "pixman",
"NamespaceName": "ubuntu:16.04",
"Version": "0.33.6-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libbsd",
"NamespaceName": "ubuntu:16.04",
"Version": "0.8.2-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "tbb",
"NamespaceName": "ubuntu:16.04",
"Version": "4.4~20151115-0ubuntu3",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "ustr",
"NamespaceName": "ubuntu:16.04",
"Version": "1.0.4-5",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "ffmpeg",
"NamespaceName": "ubuntu:16.04",
"Version": "7:2.8.11-0ubuntu0.16.04.1",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9051",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-9051",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7206",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:N"
}
}
},
"Name": "CVE-2017-7206",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-6920",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-6920",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2012-2778",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2012-2778",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7863",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-7863",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9994",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-9994",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2012-2773",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2012-2773",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9991",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-9991",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7450",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-7450",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "Integer overflow in the ape_decode_frame function in libavcodec/apedec.c in FFmpeg through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access and application crash) or possibly have unspecified other impact via a crafted APE file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11399",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-11399",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-6881",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-6881",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9992",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-9992",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2012-2781",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2012-2781",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10191",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-10191",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7862",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-7862",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-6671",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-6671",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2781.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2012-2780",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2012-2780",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg through 3.3.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a crafted DNxHD file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11719",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-11719",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10192",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-10192",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, and 3.3.x before 3.3.2 does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9993",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:N"
}
}
},
"Name": "CVE-2017-9993",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7122",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-7122",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9996",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-9996",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2012-2771",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2012-2771",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10190",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2016-10190",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7208",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:N"
}
}
},
"Name": "CVE-2017-7208",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "ca-certificates",
"NamespaceName": "ubuntu:16.04",
"Version": "20160104ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "glew",
"NamespaceName": "ubuntu:16.04",
"Version": "1.13.0-2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "debianutils",
"NamespaceName": "ubuntu:16.04",
"Version": "4.7",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "python3.5",
"NamespaceName": "ubuntu:16.04",
"Version": "3.5.2-2ubuntu0~16.04.1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "tar",
"NamespaceName": "ubuntu:16.04",
"Version": "1.28-2.1ubuntu0.1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "orc",
"NamespaceName": "ubuntu:16.04",
"Version": "1:0.4.25-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libpciaccess",
"NamespaceName": "ubuntu:16.04",
"Version": "0.13.4-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libxi",
"NamespaceName": "ubuntu:16.04",
"Version": "2:1.7.6-1",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7945",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-7945",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7946",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-7946",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "jbigkit",
"NamespaceName": "ubuntu:16.04",
"Version": "2.1-3.1",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9937",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-9937",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libsemanage",
"NamespaceName": "ubuntu:16.04",
"Version": "2.3-1build3",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libjpeg8-empty",
"NamespaceName": "ubuntu:16.04",
"Version": "8c-2ubuntu8",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "schroedinger",
"NamespaceName": "ubuntu:16.04",
"Version": "1.0.11-2.1build1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "gtk+2.0",
"NamespaceName": "ubuntu:16.04",
"Version": "2.24.30-1ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "sqlite3",
"NamespaceName": "ubuntu:16.04",
"Version": "3.11.0-1ubuntu1",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "Pointer disclosure in SQLite",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7000",
"Name": "CVE-2017-7000",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6983",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-6983",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"SQLite\" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SQL statement.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2513",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-2513",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2518",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-2518",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2520",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-2520",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SQL statement.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2519",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.5,
"Vectors": "AV:N/AC:L/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-2519",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the \"SQLite\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6991",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-6991",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "base-passwd",
"NamespaceName": "ubuntu:16.04",
"Version": "3.5.39",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "jackd2",
"NamespaceName": "ubuntu:16.04",
"Version": "1.9.10+20150825git1ed50c92~dfsg-1ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "gzip",
"NamespaceName": "ubuntu:16.04",
"Version": "1.6-4ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "openldap",
"NamespaceName": "ubuntu:16.04",
"Version": "2.4.42+dfsg-2ubuntu3.2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "fribidi",
"NamespaceName": "ubuntu:16.04",
"Version": "0.19.7-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "openshadinglanguage",
"NamespaceName": "ubuntu:16.04",
"Version": "1.7.5-thomas~xenial0",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "hicolor-icon-theme",
"NamespaceName": "ubuntu:16.04",
"Version": "0.15-0ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "atk1.0",
"NamespaceName": "ubuntu:16.04",
"Version": "2.18.0-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libavc1394",
"NamespaceName": "ubuntu:16.04",
"Version": "0.5.4-4",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libass",
"NamespaceName": "ubuntu:16.04",
"Version": "0.13.1-1",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-7970",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-7970",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "perl",
"NamespaceName": "ubuntu:16.04",
"Version": "5.22.1-9",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-1238",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.2,
"Vectors": "AV:L/AC:L/Au:N/C:C/I:C"
}
}
},
"Name": "CVE-2016-1238",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6512",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:P"
}
}
},
"Name": "CVE-2017-6512",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libgcrypt20",
"NamespaceName": "ubuntu:16.04",
"Version": "1.6.5-2ubuntu0.2",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "Use of left-to-right sliding window method allows full RSA key recovery",
"FixedBy": "1.6.5-2ubuntu0.3",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7526",
"Name": "CVE-2017-7526",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library.",
"FixedBy": "1.6.5-2ubuntu0.3",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9526",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:N"
}
}
},
"Name": "CVE-2017-9526",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "c-blosc",
"NamespaceName": "ubuntu:16.04",
"Version": "1.7.0-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "alsa-lib",
"NamespaceName": "ubuntu:16.04",
"Version": "1.1.0-0ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "zvbi",
"NamespaceName": "ubuntu:16.04",
"Version": "0.2.35-10",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "openexr",
"NamespaceName": "ubuntu:16.04",
"Version": "2.2.0-10ubuntu2",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9116",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-9116",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9113",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-9113",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9115",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-9115",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9110",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-9110",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9111",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-9111",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9114",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-9114",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-12596",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-12596",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
},
{
"Description": "In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9112",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-9112",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "gnupg",
"NamespaceName": "ubuntu:16.04",
"Version": "1.4.20-1ubuntu3.1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "attr",
"NamespaceName": "ubuntu:16.04",
"Version": "1:2.4.47-2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libthai",
"NamespaceName": "ubuntu:16.04",
"Version": "0.1.24-2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libxxf86vm",
"NamespaceName": "ubuntu:16.04",
"Version": "1:1.1.4-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "log4cplus",
"NamespaceName": "ubuntu:16.04",
"Version": "1.1.2-3.1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "openvdb",
"NamespaceName": "ubuntu:16.04",
"Version": "3.1.0-2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "pcre3",
"NamespaceName": "ubuntu:16.04",
"Version": "2:8.38-3.1",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7186",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-7186",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6004",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-6004",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7246",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-7246",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7245",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 6.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:P"
}
}
},
"Name": "CVE-2017-7245",
"NamespaceName": "ubuntu:16.04",
"Severity": "Negligible"
},
{
"Description": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7244",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-7244",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "dbus",
"NamespaceName": "ubuntu:16.04",
"Version": "1.10.6-1ubuntu3.3",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "debconf",
"NamespaceName": "ubuntu:16.04",
"Version": "1.5.58ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "x265",
"NamespaceName": "ubuntu:16.04",
"Version": "1.9-3",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libspnav",
"NamespaceName": "ubuntu:16.04",
"Version": "0.2.3-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "ilmbase",
"NamespaceName": "ubuntu:16.04",
"Version": "2.2.0-11ubuntu2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "zlib",
"NamespaceName": "ubuntu:16.04",
"Version": "1:1.2.8.dfsg-2ubuntu4.1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "base-files",
"NamespaceName": "ubuntu:16.04",
"Version": "9.4ubuntu4.4",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "util-linux",
"NamespaceName": "ubuntu:16.04",
"Version": "2.27.1-6ubuntu3.2",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2779",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.2,
"Vectors": "AV:L/AC:L/Au:N/C:C/I:C"
}
}
},
"Name": "CVE-2016-2779",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-5011",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.7,
"Vectors": "AV:L/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2016-5011",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libcap2",
"NamespaceName": "ubuntu:16.04",
"Version": "1:2.24-12",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "rtmpdump",
"NamespaceName": "ubuntu:16.04",
"Version": "2.4+20151223.gitfa8646d-1ubuntu0.1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "keyutils",
"NamespaceName": "ubuntu:16.04",
"Version": "1.5.9-8ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "gobject-introspection",
"NamespaceName": "ubuntu:16.04",
"Version": "1.46.0-3ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libxcb",
"NamespaceName": "ubuntu:16.04",
"Version": "1.11.1-1ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "distro-info-data",
"NamespaceName": "ubuntu:16.04",
"Version": "0.28ubuntu0.3",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libice",
"NamespaceName": "ubuntu:16.04",
"Version": "2:1.0.9-1",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "Weak Entropy Usage in Session Keys in libICE",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2626",
"Name": "CVE-2017-2626",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "python3-defaults",
"NamespaceName": "ubuntu:16.04",
"Version": "3.5.1-3",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "apt",
"NamespaceName": "ubuntu:16.04",
"Version": "1.2.20",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "fontconfig",
"NamespaceName": "ubuntu:16.04",
"Version": "2.11.94-0ubuntu1.1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "fonts-dejavu",
"NamespaceName": "ubuntu:16.04",
"Version": "2.35-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "systemd",
"NamespaceName": "ubuntu:16.04",
"Version": "229-4ubuntu17",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section.",
"FixedBy": "229-4ubuntu19",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9217",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-9217",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
},
{
"Description": "In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it.",
"FixedBy": "229-4ubuntu19",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9445",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5,
"Vectors": "AV:N/AC:L/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-9445",
"NamespaceName": "ubuntu:16.04",
"Severity": "High"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "sed",
"NamespaceName": "ubuntu:16.04",
"Version": "4.2.2-7",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "sgml-base",
"NamespaceName": "ubuntu:16.04",
"Version": "1.26+nmu4ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libtheora",
"NamespaceName": "ubuntu:16.04",
"Version": "1.1.1+dfsg.1-8",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "dh-python",
"NamespaceName": "ubuntu:16.04",
"Version": "2.20151103ubuntu1.1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "xz-utils",
"NamespaceName": "ubuntu:16.04",
"Version": "5.1.1alpha+20120614-2ubuntu2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "acl",
"NamespaceName": "ubuntu:16.04",
"Version": "2.2.52-3",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "nettle",
"NamespaceName": "ubuntu:16.04",
"Version": "3.2-1ubuntu0.16.04.1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "boost1.58",
"NamespaceName": "ubuntu:16.04",
"Version": "1.58.0+dfsg-5ubuntu3.1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libidn",
"NamespaceName": "ubuntu:16.04",
"Version": "1.32-3ubuntu1.1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "s2tc",
"NamespaceName": "ubuntu:16.04",
"Version": "0~git20131104-1.1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "openal-soft",
"NamespaceName": "ubuntu:16.04",
"Version": "1:1.16.0-3",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "lcms2",
"NamespaceName": "ubuntu:16.04",
"Version": "2.6-3ubuntu2",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10165",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 5.8,
"Vectors": "AV:N/AC:M/Au:N/C:P/I:N"
}
}
},
"Name": "CVE-2016-10165",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "openimageio",
"NamespaceName": "ubuntu:16.04",
"Version": "1.6.11~dfsg0-1ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libvdpau",
"NamespaceName": "ubuntu:16.04",
"Version": "1.1.1-3ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "pygobject",
"NamespaceName": "ubuntu:16.04",
"Version": "3.20.0-0ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "ucf",
"NamespaceName": "ubuntu:16.04",
"Version": "3.0036",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libsamplerate",
"NamespaceName": "ubuntu:16.04",
"Version": "0.1.8-8",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7697",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 4.3,
"Vectors": "AV:N/AC:M/Au:N/C:N/I:N"
}
}
},
"Name": "CVE-2017-7697",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libogg",
"NamespaceName": "ubuntu:16.04",
"Version": "1.3.2-1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libbluray",
"NamespaceName": "ubuntu:16.04",
"Version": "1:0.9.2-2",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "BD-J implementation issue in libbluray",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-7810",
"Name": "CVE-2015-7810",
"NamespaceName": "ubuntu:16.04",
"Severity": "Medium"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "libedit",
"NamespaceName": "ubuntu:16.04",
"Version": "3.1-20150325-1ubuntu2",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "gtkglext",
"NamespaceName": "ubuntu:16.04",
"Version": "1.2.0-3.2fakesync1ubuntu1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "cyrus-sasl2",
"NamespaceName": "ubuntu:16.04",
"Version": "2.1.26.dfsg1-14build1",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "cryptsetup",
"NamespaceName": "ubuntu:16.04",
"Version": "2:1.6.6-5ubuntu2",
"VersionFormat": "dpkg",
"Vulnerabilities": [
{
"Description": "The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.",
"Link": "http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-4484",
"Metadata": {
"NVD": {
"CVSSv2": {
"Score": 7.2,
"Vectors": "AV:L/AC:L/Au:N/C:C/I:C"
}
}
},
"Name": "CVE-2016-4484",
"NamespaceName": "ubuntu:16.04",
"Severity": "Low"
}
]
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "lvm2",
"NamespaceName": "ubuntu:16.04",
"Version": "2.02.133-1ubuntu10",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "db5.3",
"NamespaceName": "ubuntu:16.04",
"Version": "5.3.28-11",
"VersionFormat": "dpkg"
},
{
"AddedBy": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"Name": "icu",
"NamespaceName": "ubuntu:16.04",
"Version": "55.1-7ubuntu0.2",
"VersionFormat": "dpkg"
}
],
"IndexedByVersion": 3,
"Name": "5b741a2713d7600a7d5c546f651f51a3ce3f75748f9e84af13ce32661a3e651b",
"NamespaceName": "ubuntu:16.04"
}
}