FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 18:22:07 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
2bc960c4-e665-11dd-afcd-00e0815b8da8 | optipng -- arbitrary code execution via crafted BMP image

Secunia reports:

A vulnerability has been reported in OptiPNG, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the BMP reader and can be exploited to cause a buffer overflow by tricking a user into processing a specially crafted file.

Successful exploitation may allow execution of arbitrary code.


Discovery 2008-11-11
Entry 2009-01-19
optipng
< 0.6.2

CVE-2008-5101
http://secunia.com/advisories/32651
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505399
http://optipng.sourceforge.net/
8fedf75c-ef2f-11e6-900e-003048f78448 | optipng -- multiple vulnerabilities

ifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file.

The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.

Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file.

Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.


Discovery 2015-10-09
Entry 2017-02-16
optipng
< 0.7.6

CVE-2015-7802
CVE-2016-2191
CVE-2016-3981
CVE-2016-3982
a8818f7f-9182-11e2-9bdf-d48564727302 | optipng -- use-after-free vulnerability

Secunia reports:

A vulnerability has been reported in OptiPNG, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to a use-after-free error related to the palette reduction functionality. No further information is currently available.

Successful exploitation may allow execution of arbitrary code.


Discovery 2012-09-16
Entry 2013-03-21
optipng
>= 0.7, < 0.7.4

CVE-2012-4432
https://secunia.com/advisories/50654
bab05188-5d4b-11e5-9ad8-14dae9d210b8 | optipng -- use-after-free vulnerability

Gustavo Grieco reports:

We found a use-after-free causing an invalid/double free in optipng 0.6.4.


Discovery 2015-09-16
Entry 2015-09-17
Modified 2015-10-14
optipng
<= 0.6.5

http://seclists.org/oss-sec/2015/q3/556
CVE-2015-7801