FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
02bee9ae-c5d1-409b-8a79-983a88861509    libraw -- Out-of-bounds Read

libraw developers report:

In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.


Discovery 2017-09-20
Entry 2017-09-28
libraw
<= 0.18.4

https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21
https://github.com/LibRaw/LibRaw/issues/101
CVE-2017-14608
d9f96741-47bd-4426-9aba-8736c0971b24    libraw -- buffer overflow

libraw developers report:

LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.


Discovery 2017-09-12
Entry 2017-09-26
libraw
< 0.18.4

http://www.securityfocus.com/bid/100866
https://github.com/LibRaw/LibRaw/issues/100
CVE-2017-14348
c60804f1-126f-11e8-8b5b-4ccc6adda413    libraw -- multiple DoS vulnerabilities

Secunia Research reports:

CVE-2017-16909: An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.

CVE-2017-16910: An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) can be exploited to cause an invalid read memory access.


Discovery 2017-12-04
Entry 2018-02-15
libraw
< 0.18.6

https://www.securityfocus.com/archive/1/541583
CVE-2017-16909
CVE-2017-16910
6f0b0cbf-1274-11e8-8b5b-4ccc6adda413    libraw -- multiple DoS vulnerabilities

Secunia Research reports:

CVE-2018-5800: An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

CVE-2017-5801: An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) can be exploited to trigger a NULL pointer dereference.

CVE-2017-5802: An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.


Discovery 2018-01-16
Entry 2018-02-15
libraw
< 0.18.7

https://www.securityfocus.com/archive/1/541732
CVE-2018-5800
CVE-2018-5801
CVE-2018-5802
4cd857d9-26d2-4417-b765-69701938f9e0    libraw -- denial of service and remote code execution

libraw developers report:

A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.


Discovery 2017-09-11
Entry 2017-09-26
libraw
< 0.18.3

https://github.com/LibRaw/LibRaw/issues/99
CVE-2017-14265