FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
5140dc69-b65e-11e1-9425-001b21614864	ImageMagick -- multiple vulnerabilities ImageMagick reports: Three vulnerabilities have been identified in ImageMagick's handling of JPEG and TIFF files. With these vulnerabilities, it is possible to cause a denial of service situation in the target system. Discovery 2012-03-28 Entry 2012-06-14 Modified 2014-04-30 ImageMagick < 6.7.6.4 ImageMagick-nox11 < 6.7.6.4 CVE-2012-0259 CVE-2012-0260 CVE-2012-1798 http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20629 http://www.cert.fi/en/reports/2012/vulnerability635606.html
16fb4f83-a2ab-11e7-9c14-009c02a2ab30	ImageMagick -- denial of service via a crafted font file MITRE reports: The ReadCAPTIONImage function in coders/caption.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via a crafted font file. Discovery 2017-09-21 Entry 2017-09-26 ImageMagick7 < 7.0.7.4 ImageMagick7-nox11 < 7.0.7.4 ImageMagick le 6.9.8.9_1 ImageMagick-nox11 le 6.9.8.9_1 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14741 https://github.com/ImageMagick/ImageMagick/issues/771 https://github.com/ImageMagick/ImageMagick/commit/7d8e14899c562157c7760a77fc91625a27cb596f https://github.com/ImageMagick/ImageMagick/commit/bb11d07139efe0f5e4ce0e4afda32abdbe82fa9d CVE-2017-14741
50776801-4183-11e7-b291-b499baebfeaf	ImageMagick -- multiple vulnerabilities Please reference CVE/URL list for details Discovery 2017-03-05 Entry 2017-05-25 Modified 2017-05-29 ImageMagick ImageMagick-nox11 < 6.9.6.4_2,1 ge 6.9.7.0,1 lt 6.9.8.8,1 ImageMagick7 ImageMagick7-nox11 < 7.0.5.9 https://nvd.nist.gov/vuln/search/results?query=ImageMagick CVE-2017-5506 CVE-2017-5507 CVE-2017-5508 CVE-2017-5509 CVE-2017-5510 CVE-2017-5511 CVE-2017-6497 CVE-2017-6498 CVE-2017-6499 CVE-2017-6500 CVE-2017-6501 CVE-2017-6502 CVE-2017-7275 CVE-2017-7606 CVE-2017-7619 CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8343 CVE-2017-8344 CVE-2017-8345 CVE-2017-8346 CVE-2017-8347 CVE-2017-8348 CVE-2017-8349 CVE-2017-8350 CVE-2017-8351 CVE-2017-8352 CVE-2017-8353 CVE-2017-8354 CVE-2017-8355 CVE-2017-8356 CVE-2017-8357 CVE-2017-8765 CVE-2017-8830 CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144
19d35b0f-ba73-11e6-b1cf-14dae9d210b8	ImageMagick -- heap overflow vulnerability Bastien Roucaries reports: Imagemagick before 3cbfb163cff9e5b8cdeace8312e9bfee810ed02b suffer from a heap overflow in WaveletDenoiseImage(). This problem is easily trigerrable from a Perl script. Discovery 2016-11-13 Entry 2016-12-04 ImageMagick ImageMagick-nox11 < 6.9.6.4,1 ImageMagick7 ImageMagick7-nox11 < 7.0.3.7 http://seclists.org/oss-sec/2016/q4/413 https://github.com/ImageMagick/ImageMagick/issues/296 CVE-2016-9298 ports/214517 ports/214511 ports/214520
10f7f782-901c-11e6-a590-14dae9d210b8	ImageMagick -- multiple vulnerabilities Debian reports: Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service or the execution of arbitrary code if malformed SIXEL, PDB, MAP, SGI, TIFF and CALS files are processed. Discovery 2016-09-23 Entry 2016-10-12 Modified 2016-10-18 ImageMagick ImageMagick-nox11 < 6.9.5.10,1 https://www.debian.org/security/2016/dsa-3675 ports/213032
82b702e0-1907-11e6-857b-00221503d280	imagemagick -- buffer overflow ImageMagick reports: Fix a buffer overflow in magick/drag.c/DrawStrokePolygon(). Discovery 2016-05-09 Entry 2016-05-13 ImageMagick ImageMagick-nox11 < 6.9.4.1,1 ImageMagick7 ImageMagick7-nox11 ge 7.0.0.0.b20150715 lt 7.0.1.3 http://legacy.imagemagick.org/script/changelog.php
0d724b05-687f-4527-9c03-af34d3b094ec	ImageMagick -- multiple vulnerabilities Openwall reports: Insufficient filtering for filename passed to delegate's command allows remote code execution during conversion of several file formats. Any service which uses ImageMagick to process user supplied images and uses default delegates.xml / policy.xml, may be vulnerable to this issue. It is possible to make ImageMagick perform a HTTP GET or FTP request It is possible to delete files by using ImageMagick's 'ephemeral' pseudo protocol which deletes files after reading. It is possible to move image files to file with any extension in any folder by using ImageMagick's 'msl' pseudo protocol. msl.txt and image.gif should exist in known location - /tmp/ for PoC (in real life it may be web service written in PHP, which allows to upload raw txt files and process images with ImageMagick). It is possible to get content of the files from the server by using ImageMagick's 'label' pseudo protocol. Discovery 2016-05-03 Entry 2016-05-06 Modified 2016-05-07 ImageMagick ImageMagick-nox11 < 6.9.3.9_1,1 ImageMagick7 ImageMagick7-nox11 ge 7.0.0.0.b20150715 lt 7.0.1.0_1 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 http://www.openwall.com/lists/oss-security/2016/05/03/18 https://imagetragick.com/
98690c45-0361-11e2-a391-000c29033c32	ImageMagick and GraphicsMagick -- DoS via specially crafted PNG file Kurt Seifried reports: There is an issue in ImageMagick that is also present in GraphicsMagick. CVE-2011-3026 deals with libpng memory allocation, and limitations have been added so that a bad PNG can't cause the system to allocate a lot of memory and a denial of service. However on further investigation of ImageMagick, Tom Lane found that PNG malloc function (Magick_png_malloc) in turn calls AcquireMagickMemory with an improper size argument. Discovery 2012-07-28 Entry 2012-09-20 Modified 2014-04-30 ImageMagick le 6.7.8.6 ImageMagick-nox11 le 6.7.8.6 GraphicsMagick ge 1.3.0 le 1.3.16 GraphicsMagick-nox11 ge 1.3.0 le 1.3.16 CVE-2012-3438 https://bugzilla.redhat.com/show_bug.cgi?id=844105 54716 http://secunia.com/advisories/50090 http://xforce.iss.net/xforce/xfdb/77259 http://osvdb.org/show/osvdb/84323