FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
64ee858e-e035-4bb4-9c77-2468963dddb8libvorbis -- multiple vulnerabilities

NVD reports:

Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.

In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis().


Discovery 2018-03-16
Entry 2018-03-16
libvorbis
< 1.3.6,3

CVE-2017-14632
CVE-2017-14633
4200d5f5-b985-11ea-b08a-f8b156b6dcc8libvorbis -- two vulnerabilities

Two vulnerabilities were fixed in the upstream repository:

  • The bark_noise_hybridmp function allows remote attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact via a crafted file.
  • mapping0_forward does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.

Discovery 2017-09-21
Entry 2020-06-28
libvorbis
< 1.3.6_1,3

https://www.openwall.com/lists/oss-security/2017/09/21/2
CVE-2017-14160
https://gitlab.xiph.org/xiph/vorbis/-/issues/2335
CVE-2018-10392
7943794f-707f-4e31-9fea-3bbf1ddcedc1mozilla -- multiple vulnerabilities

The Mozilla Foundation reports:

CVE-2018-5146: Out of bounds memory write in libvorbis

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.

CVE-2018-5147: Out of bounds memory write in libtremor

The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.


Discovery 2018-03-16
Entry 2018-03-16
Modified 2018-03-31
libvorbis
< 1.3.6,3

libtremor
< 1.2.1.s20180316

firefox
< 59.0.1,1

waterfox
< 56.0.4.36_3

seamonkey
linux-seamonkey
< 2.49.3

firefox-esr
< 52.7.2,1

linux-firefox
< 52.7.2,2

libxul
< 52.7.3

thunderbird
linux-thunderbird
< 52.7.0

CVE-2018-5146
CVE-2018-5147
https://www.mozilla.org/security/advisories/mfsa2018-08/
https://www.mozilla.org/security/advisories/mfsa2018-09/