UBUNTU-CVE-2026-50593

Source
https://ubuntu.com/security/CVE-2026-50593
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-50593.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-50593
Upstream
Downstream
Related
Published
2026-06-05T04:17:00Z
Modified
2026-06-17T16:15:16.587910729Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range.

References

Affected packages

Ubuntu:14.04:LTS
graphite2

Package

Name
graphite2
Purl
pkg:deb/ubuntu/graphite2?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.2.3-1
1.2.4-1
1.2.4-1ubuntu1
1.2.4-1ubuntu1.1
1.3.6-1ubuntu0.14.04.1
1.3.10-0ubuntu0.14.04.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libgraphite2-3",
            "binary_version": "1.3.10-0ubuntu0.14.04.1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-50593.json"
Ubuntu:18.04:LTS
graphite2

Package

Name
graphite2
Purl
pkg:deb/ubuntu/graphite2?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.3.10-2
1.3.10-6
1.3.10-8
1.3.11-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libgraphite2-3",
            "binary_version": "1.3.11-2"
        },
        {
            "binary_name": "libgraphite2-utils",
            "binary_version": "1.3.11-2"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-50593.json"
Ubuntu:20.04:LTS
graphite2

Package

Name
graphite2
Purl
pkg:deb/ubuntu/graphite2?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.3.13-8
1.3.13-11
1.3.13-11build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libgraphite2-3",
            "binary_version": "1.3.13-11build1"
        },
        {
            "binary_name": "libgraphite2-utils",
            "binary_version": "1.3.13-11build1"
        },
        {
            "binary_name": "python3-graphite2",
            "binary_version": "1.3.13-11build1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-50593.json"
Ubuntu:22.04:LTS
graphite2

Package

Name
graphite2
Purl
pkg:deb/ubuntu/graphite2?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.14-1ubuntu0.1

Affected versions

1.*
1.3.14-1
1.3.14-1build1
1.3.14-1build2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libgraphite2-3",
            "binary_version": "1.3.14-1ubuntu0.1"
        },
        {
            "binary_name": "libgraphite2-utils",
            "binary_version": "1.3.14-1ubuntu0.1"
        },
        {
            "binary_name": "python3-graphite2",
            "binary_version": "1.3.14-1ubuntu0.1"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-50593.json"
Ubuntu:24.04:LTS
graphite2

Package

Name
graphite2
Purl
pkg:deb/ubuntu/graphite2?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.14-2ubuntu0.24.04.1

Affected versions

1.*
1.3.14-1build2
1.3.14-2
1.3.14-2build1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libgraphite2-3",
            "binary_version": "1.3.14-2ubuntu0.24.04.1"
        },
        {
            "binary_name": "libgraphite2-utils",
            "binary_version": "1.3.14-2ubuntu0.24.04.1"
        },
        {
            "binary_name": "python3-graphite2",
            "binary_version": "1.3.14-2ubuntu0.24.04.1"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-50593.json"
Ubuntu:25.10
graphite2

Package

Name
graphite2
Purl
pkg:deb/ubuntu/graphite2?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.14-2ubuntu1.3

Affected versions

1.*
1.3.14-2ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libgraphite2-3",
            "binary_version": "1.3.14-2ubuntu1.3"
        },
        {
            "binary_name": "libgraphite2-utils",
            "binary_version": "1.3.14-2ubuntu1.3"
        },
        {
            "binary_name": "python3-graphite2",
            "binary_version": "1.3.14-2ubuntu1.3"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-50593.json"
Ubuntu:26.04:LTS
graphite2

Package

Name
graphite2
Purl
pkg:deb/ubuntu/graphite2?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.14-11ubuntu1.1

Affected versions

1.*
1.3.14-2ubuntu1
1.3.14-11ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libgraphite2-3",
            "binary_version": "1.3.14-11ubuntu1.1"
        },
        {
            "binary_name": "libgraphite2-utils",
            "binary_version": "1.3.14-11ubuntu1.1"
        },
        {
            "binary_name": "python3-graphite2",
            "binary_version": "1.3.14-11ubuntu1.1"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-50593.json"
Ubuntu:Pro:16.04:LTS
graphite2

Package

Name
graphite2
Purl
pkg:deb/ubuntu/graphite2?arch=source&distro=esm-infra%2Fxenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.2.4-3ubuntu1
1.3.5-1ubuntu1
1.3.6-1ubuntu1
1.3.10-0ubuntu0.16.04.1
1.3.10-0ubuntu0.16.04.1+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libgraphite2-3",
            "binary_version": "1.3.10-0ubuntu0.16.04.1+esm1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-50593.json"