FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 10:45:39 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
2a6106c6-73e5-11ec-8fa2-0800270512f4  clamav -- invalid pointer read that may cause a crash

Laurent Delosieres reports:

Fix for invalid pointer read that may cause a crash. This issue affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json option) is enabled.


Discovery 2022-01-12
Entry 2022-01-12
clamav < 0.104.2,1
clamav-lts < 0.103.5,1

CVE-2022-20698
https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html
68ae70c5-c5e5-11ee-9768-08002784c58d  clamav -- Multiple vulnerabilities

The ClamAV project reports:

CVE-2024-20290
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources.
CVE-2024-20328
Fixed a possible command injection vulnerability in the "VirusEvent" feature of ClamAV's ClamD service. To fix this issue, we disabled the '%f' format string parameter. ClamD administrators may continue to use the `CLAM_VIRUSEVENT_FILENAME` environment variable, instead of '%f'. But you should do so only from within an executable, such as a Python script, and not directly in the clamd.conf "VirusEvent" command.

Discovery 2024-02-07
Entry 2024-02-07
clamav < 1.2.2,1
clamav-lts < 1.0.5,1

CVE-2024-20290
CVE-2024-20328
https://blog.clamav.net/2023/11/clamav-130-122-105-released.html
b2407db1-d79f-11ec-a15f-589cfc0f81b0  clamav -- Multiple vulnerabilities

The ClamAV project reports:

Fixed a possible double-free vulnerability in the OLE2 file parser. Issue affects versions 0.104.0 through 0.104.2. Issue identified by OSS-Fuzz.

Fixed a possible infinite loop vulnerability in the CHM file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. Thank you to Michał Dardas for reporting this issue.

Fixed a possible NULL-pointer dereference crash in the scan verdict cache check. Issue affects versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2. Thank you to Alexander Patrakov and Antoine Gatineau for reporting this issue.

Fixed a possible infinite loop vulnerability in the TIFF file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. The issue only occurs if the "--alert-broken-media" ClamScan option is enabled. For ClamD, the affected option is "AlertBrokenMedia yes", and for libclamav it is the "CL_SCAN_HEURISTIC_BROKEN_MEDIA" scan option. Thank you to Michał Dardas for reporting this issue.

Fixed a possible memory leak in the HTML file parser / Javascript normalizer. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. Thank you to Michał Dardas for reporting this issue.

Fixed a possible multi-byte heap buffer overflow write vulnerability in the signature database load module. The fix was to update the vendored regex library to the latest version. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. Thank you to Michał Dardas for reporting this issue.


Discovery 2022-05-04
Entry 2022-05-19
clamav < 0.104.3,1
clamav-lts < 0.103.6,1

CVE-2022-20803
CVE-2022-20770
CVE-2022-20796
CVE-2022-20771
CVE-2022-20785
CVE-2022-20792
https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html#more
fd792048-ad91-11ed-a879-080027f5fec9  clamav -- Multiple vulnerabilities

Simon Scannell reports:

CVE-2023-20032
Fixed a possible remote code execution vulnerability in the HFS+ file parser.
CVE-2023-20052
Fixed a possible remote information leak vulnerability in the DMG file parser.

Discovery 2023-02-15
Entry 2023-02-16
clamav < 1.0.1,1
clamav-lts < 0.103.8,1

CVE-2023-20032
CVE-2023-20052
https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
8e561cfe-3c59-11ee-b32e-080027f5fec9  clamav -- Possible denial of service vulnerability in the AutoIt file parser

The ClamAV project reports:

There is a possible denial of service vulnerability in the AutoIt file parser.


Discovery 2023-08-15
Entry 2023-08-16
clamav-lts < 1.0.2,1

CVE-2023-20212
https://blog.clamav.net/2023/07/2023-08-16-releases.html
51a59f36-3c58-11ee-b32e-080027f5fec9  clamav -- Possible denial of service vulnerability in the HFS+ file parser

Steve Smith reports:

There is a possible denial of service vulnerability in the HFS+ file parser.


Discovery 2023-08-15
Entry 2023-08-16
clamav < 1.1.1,1
clamav-lts < 1.0.2,1

CVE-2023-20197
https://blog.clamav.net/2023/07/2023-08-16-releases.html