FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VuXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
49346de2-b015-11eb-9bdf-f8b156b6dcc8    FLAC -- out-of-bounds read

Oss-Fuzz reports:

There is a possible out of bounds read due to a heap buffer overflow in FLAC__bitreader_read_rice_signed_block of bitreader.c.


Discovery 2019-09-08
Entry 2021-05-08
flac < 1.3.3_1

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17069
CVE-2020-0499
a33addf6-74e6-11e4-a615-f8b156b6dcc8    flac -- Multiple vulnerabilities

Erik de Castro Lopo reports:

Google Security Team member, Michele Spagnuolo, recently found two potential problems in the FLAC code base. They are:

  • CVE-2014-9028: Heap buffer write overflow.
  • CVE-2014-8962: Heap buffer read overflow.

Discovery 2014-11-25
Entry 2014-11-25
Modified 2015-07-15
flac < 1.3.0_3
linux-c6-flac < 1.2.1_3

https://git.xiph.org/?p=flac.git;a=commit;h=5b3033a2b355068c11fe637e14ac742d273f076e
CVE-2014-8962
https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85
CVE-2014-9028
5e1440c6-95af-11ec-b320-f8b156b6dcc8    flac -- fix encoder bug

The FLAC 1.3.4 release reports:

Fix 12 decoder bugs found by oss-fuzz.

Fix encoder bug CVE-2021-0561.


Discovery 2022-02-20
Entry 2022-02-24
flac < 1.3.4

CVE-2021-0561
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0561
ff65eecb-91e4-11dc-bd6c-0016179b2dd5    flac -- media file processing integer overflow vulnerabilities

iDefense Labs reports:

Remote exploitation of multiple integer overflow vulnerabilities in libFLAC, as included with various vendors' software distributions, allows attackers to execute arbitrary code in the context of the currently logged in user.

These vulnerabilities specifically exist in the handling of malformed FLAC media files. In each case, an integer overflow can occur while calculating the amount of memory to allocate. As such, insufficient memory is allocated for the data that is subsequently read in from the file, and a heap-based buffer overflow occurs.


Discovery 2007-10-11
Entry 2007-11-13
flac < 1.1.2_2

CVE-2007-4619
http://secunia.com/advisories/27210/
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608