FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
57325ecf-facc-11e4-968f-b888e347c638	dcraw -- integer overflow condition ocert reports: The dcraw tool, as well as several other projects re-using its code, suffers from an integer overflow condition which lead to a buffer overflow. The vulnerability concerns the 'len' variable, parsed without validation from opened images, used in the ljpeg_start() function. A maliciously crafted raw image file can be used to trigger the vulnerability, causing a Denial of Service condition. Discovery 2015-04-24 Entry 2015-05-15 Modified 2016-01-08 cinepaint ge 0.22.0 darktable < 1.6.7 dcraw ge 7.00 lt 9.26 dcraw-m ge 0 exact-image < 0.9.1 flphoto ge 0 freeimage ge 3.13.0 lt 3.16.0_1 kodi < 14.2_1 libraw < 0.16.1 lightzone < 4.1.2 netpbm < 10.35.96 opengtl ge 0 rawstudio < 2.0_11 ufraw < 0.21 CVE-2015-3885 http://www.ocert.org/advisories/ocert-2015-006.html https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e https://github.com/LibRaw/LibRaw/commit/4606c28f494a750892c5c1ac7903e62dd1c6fdb5 https://sourceforge.net/p/netpbm/code/2512/
ae9fb0d7-c4dc-11da-b2fb-000e0c2e438a	netpbm -- buffer overflow in pnmtopng Ubuntu reports: A buffer overflow was found in the "pnmtopng" conversion program. By tricking an user (or automated system) to process a specially crafted PNM image with pnmtopng, this could be exploited to execute arbitrary code with the privileges of the user running pnmtopng. Discovery 2005-10-18 Entry 2006-04-05 netpbm < 10.26 15128 CAN-2005-2978 http://www.ubuntulinux.org/support/documentation/usn/usn-210-1

VuXML ID

Description

57325ecf-facc-11e4-968f-b888e347c638

dcraw -- integer overflow condition

ocert reports:

The dcraw tool, as well as several other projects re-using its code, suffers from an integer overflow condition which lead to a buffer overflow.

The vulnerability concerns the 'len' variable, parsed without validation from opened images, used in the ljpeg_start() function.

A maliciously crafted raw image file can be used to trigger the vulnerability, causing a Denial of Service condition.

Discovery 2015-04-24
Entry 2015-05-15
Modified 2016-01-08
cinepaint

ge 0.22.0

darktable

< 1.6.7

dcraw

ge 7.00 lt 9.26

dcraw-m

ge 0

exact-image

< 0.9.1

flphoto

ge 0

freeimage

ge 3.13.0 lt 3.16.0_1

kodi

< 14.2_1

libraw

< 0.16.1

lightzone

< 4.1.2

netpbm

< 10.35.96

opengtl

ge 0

rawstudio

< 2.0_11

ufraw

< 0.21

CVE-2015-3885
http://www.ocert.org/advisories/ocert-2015-006.html
https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e
https://github.com/LibRaw/LibRaw/commit/4606c28f494a750892c5c1ac7903e62dd1c6fdb5
https://sourceforge.net/p/netpbm/code/2512/

ae9fb0d7-c4dc-11da-b2fb-000e0c2e438a

netpbm -- buffer overflow in pnmtopng

Ubuntu reports:

A buffer overflow was found in the "pnmtopng" conversion program. By tricking an user (or automated system) to process a specially crafted PNM image with pnmtopng, this could be exploited to execute arbitrary code with the privileges of the user running pnmtopng.

Discovery 2005-10-18
Entry 2006-04-05
netpbm

< 10.26

15128
CAN-2005-2978
http://www.ubuntulinux.org/support/documentation/usn/usn-210-1