FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
4b6cb45d-881e-447a-a4e0-c97a954ea758bzip2 -- multiple issues

bzip2 developers reports:

CVE-2016-3189 - Fix use-after-free in bzip2recover (Jakub Martisko)

CVE-2019-12900 - Detect out-of-range nSelectors in corrupted files (Albert Astals Cid). Found through fuzzing karchive.


Discovery 2019-06-23
Entry 2019-06-30
bzip2
lt 1.0.7

https://gitlab.com/federicomenaquintero/bzip2/blob/master/NEWS
https://bugzilla.redhat.com/show_bug.cgi?id=1319648
CVE-2016-3189
CVE-2019-12900
0ddb57a9-da20-4e99-b048-4366092f3d31bzip2 -- integer overflow vulnerability

Secunia reports:

A vulnerability has been reported in bzip2, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

The vulnerability is caused due to an integer overflow in the "BZ2_decompress()" function in decompress.c and can be exploited to cause a crash or potentially execute arbitrary code.


Discovery 2010-09-21
Entry 2010-10-25
bzip2
lt 1.0.6

SA-10:08.bzip2
ports/151364
CVE-2010-0405
43331
http://www.openwall.com/lists/oss-security/2010/09/21/4
http://secunia.com/advisories/41452
063399fc-f6d6-11dc-bcee-001c2514716cbzip2 -- crash with certain malformed archive files

SecurityFocus reports:

The 'bzip2' application is prone to a remote file-handling vulnerability because the application fails to properly handle malformed files.

Exploit attempts likely result in application crashes.


Discovery 2008-03-18
Entry 2008-03-20
bzip2
lt 1.0.5

28286
CVE-2008-1372
https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/