FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
33459061-a1d6-11e5-8794-bcaec565249cfreeimage -- multiple integer overflows

Pcheng pcheng reports:

An integer overflow issue in the FreeImage project was reported and fixed recently.


Discovery 2015-08-28
Entry 2015-12-13
freeimage
< 3.16.0_1

CVE-2015-0852
http://www.openwall.com/lists/oss-security/2015/08/28/1
5b1631dc-eafd-11e6-9ac1-a4badb2f4699freeimage -- code execution vulnerability

TALOS reports:

An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library.


Discovery 2016-10-03
Entry 2017-02-04
Modified 2018-04-14
freeimage
< 3.16.0_4

http://www.talosintelligence.com/reports/TALOS-2016-0189/
CVE-2016-5684
ports/216657
57325ecf-facc-11e4-968f-b888e347c638dcraw -- integer overflow condition

ocert reports:

The dcraw tool, as well as several other projects re-using its code, suffers from an integer overflow condition which lead to a buffer overflow.

The vulnerability concerns the 'len' variable, parsed without validation from opened images, used in the ljpeg_start() function.

A maliciously crafted raw image file can be used to trigger the vulnerability, causing a Denial of Service condition.


Discovery 2015-04-24
Entry 2015-05-15
Modified 2016-01-08
cinepaint
ge 0.22.0

darktable
< 1.6.7

dcraw
ge 7.00 lt 9.26

dcraw-m
ge 0

exact-image
< 0.9.1

flphoto
ge 0

freeimage
ge 3.13.0 lt 3.16.0_1

kodi
< 14.2_1

libraw
< 0.16.1

lightzone
< 4.1.2

netpbm
< 10.35.96

opengtl
ge 0

rawstudio
< 2.0_11

ufraw
< 0.21

CVE-2015-3885
http://www.ocert.org/advisories/ocert-2015-006.html
https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e
https://github.com/LibRaw/LibRaw/commit/4606c28f494a750892c5c1ac7903e62dd1c6fdb5
https://sourceforge.net/p/netpbm/code/2512/