FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
08a125f3-e35a-11e7-a293-54e1ad3d6335    libXfont -- permission bypass when opening files through symlinks

The freedesktop.org project reports:

A non-privileged X client can instruct an X server running under root to open any file by creating its own directory with "fonts.dir", "fonts.alias" or any font file being a symbolic link to any other file in the system. The X server will then open it. This can be an issue with special files such as /dev/watchdog.


Discovery: 2017-11-25
Entry: 2017-12-17
libXfont < 1.5.4
libXfont2 < 2.0.3

https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=7b377456f95d2ec3ead40f4fb74ea620191f88c8
CVE-2017-16611
3b9590a1-e358-11e7-a293-54e1ad3d6335    libXfont -- multiple memory leaks

The freedesktop.org project reports:

If a pattern contains a '?' character, any character in the string is skipped, even if it is '\0'. The rest of the matching then reads invalid memory.

Without the checks a malformed PCF file can cause the library to make an atom from random heap memory that was behind the `strings` buffer. This may crash the process or leak information.


Discovery: 2017-10-04
Entry: 2017-12-17
libXfont < 1.5.3
libXfont2 < 2.0.2

https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608
https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd
CVE-2017-13720
CVE-2017-13722