FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
4bae544d-06a3-4352-938c-b3bcbca89298	ffmpeg -- multiple vulnerabilities NVD reports: The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data. The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file. Discovery 2015-12-20 Entry 2015-12-28 Modified 2018-03-25 libav ge 0 gstreamer-ffmpeg ge 0 handbrake < 1.2.0 ffmpeg ge 2.8,1 lt 2.8.4,1 < 2.7.4,1 ffmpeg26 < 2.6.6 ffmpeg25 < 2.5.9 ffmpeg24 < 2.4.12 ffmpeg-devel ffmpeg23 ffmpeg2 ffmpeg1 ffmpeg-011 ffmpeg0 ge 0 avidemux avidemux2 avidemux26 le 2.6.11 kodi < 16.0 mplayer mencoder < 1.2.r20151219_1 mythtv mythtv-frontend le 0.27.5,1 plexhometheater ge 0 CVE-2015-8662 CVE-2015-8663 https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=75422280fbcdfbe9dc56bde5525b4d8b280f1bc5 https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=abee0a1c60612e8638640a8a3738fffb65e16dbf https://ffmpeg.org/security.html
6ac79ed8-ccc2-11e5-932b-5404a68ad561	ffmpeg -- remote denial of service in JPEG2000 decoder FFmpeg security reports: FFmpeg 2.8.6 fixes the following vulnerabilities: CVE-2016-2213 Discovery 2016-01-27 Entry 2016-02-06 ffmpeg < 2.8.6,1 mplayer mencoder < 1.2.r20151219_3 CVE-2016-2213 https://www.ffmpeg.org/security.html
046fedd1-bd01-11e5-bbf4-5404a68ad561	ffmpeg -- remote attacker can access local files Arch Linux reports: ffmpeg has a vulnerability in the current version that allows the attacker to create a specially crafted video file, downloading which will send files from a user PC to a remote attacker server. The attack does not even require the user to open that file â for example, KDE Dolphin thumbnail generation is enough. Discovery 2016-01-13 Entry 2016-01-17 ffmpeg gt 2.0,1 lt 2.8.5,1 mplayer mencoder < 1.2.r20151219_2 CVE-2016-1897 CVE-2016-1898 ports/206282 https://www.ffmpeg.org/security.html

VuXML ID

Description

4bae544d-06a3-4352-938c-b3bcbca89298

ffmpeg -- multiple vulnerabilities

NVD reports:

The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.

The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file.

Discovery 2015-12-20
Entry 2015-12-28
Modified 2018-03-25
libav

ge 0

gstreamer-ffmpeg

ge 0

handbrake

< 1.2.0

ffmpeg

ge 2.8,1 lt 2.8.4,1

< 2.7.4,1

ffmpeg26

< 2.6.6

ffmpeg25

< 2.5.9

ffmpeg24

< 2.4.12

ffmpeg-devel
ffmpeg23
ffmpeg2
ffmpeg1
ffmpeg-011
ffmpeg0

ge 0

avidemux
avidemux2
avidemux26

le 2.6.11

kodi

< 16.0

mplayer
mencoder

< 1.2.r20151219_1

mythtv
mythtv-frontend

le 0.27.5,1

plexhometheater

ge 0

CVE-2015-8662
CVE-2015-8663
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=75422280fbcdfbe9dc56bde5525b4d8b280f1bc5
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=abee0a1c60612e8638640a8a3738fffb65e16dbf
https://ffmpeg.org/security.html

6ac79ed8-ccc2-11e5-932b-5404a68ad561

ffmpeg -- remote denial of service in JPEG2000 decoder

FFmpeg security reports:

FFmpeg 2.8.6 fixes the following vulnerabilities: CVE-2016-2213

Discovery 2016-01-27
Entry 2016-02-06
ffmpeg

< 2.8.6,1

mplayer
mencoder

< 1.2.r20151219_3

CVE-2016-2213
https://www.ffmpeg.org/security.html

046fedd1-bd01-11e5-bbf4-5404a68ad561

ffmpeg -- remote attacker can access local files

Arch Linux reports:

ffmpeg has a vulnerability in the current version that allows the attacker to create a specially crafted video file, downloading which will send files from a user PC to a remote attacker server. The attack does not even require the user to open that file â for example, KDE Dolphin thumbnail generation is enough.

Discovery 2016-01-13
Entry 2016-01-17
ffmpeg

gt 2.0,1 lt 2.8.5,1

mplayer
mencoder

< 1.2.r20151219_2

CVE-2016-1897
CVE-2016-1898
ports/206282
https://www.ffmpeg.org/security.html