FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
714e6c35-c75b-11ea-aa29-d74973d1f9f3 | OpenEXR/ilmbase 2.5.2 -- patch release with various bug/security fixes

Cary Phillips reports:

openexr 2.5.2 [is a p]atch release with various bug/security and build/install fixes:

  • Invalid input could cause a heap-use-after-free error in DeepScanLineInputFile::DeepScanLineInputFile()
  • Invalid chunkCount attributes could cause heap buffer overflow in getChunkOffsetTableSize()
  • Invalid tiled input file could cause invalid memory access TiledInputFile::TiledInputFile()

Discovery 2020-05-18
Entry 2020-07-16
ilmbase < 2.5.2
openexr < 2.5.2

https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.2
b1d6b383-dd51-11ea-a688-7b12871ef3ad | ilmbase, openexr -- v2.5.3 is a patch release with various bug/security fixes

Cary Phillips reports:

v2.5.3 - Patch release with various bug/security fixes [...]:

  • Various sanitizer/fuzz-identified issues related to handling of invalid input

Discovery 2020-07-13
Entry 2020-08-13
ilmbase < 2.5.3
openexr < 2.5.3

https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.3
98044aba-6d72-11eb-aed7-1b1b8a70cc8b | openexr, ilmbase -- security fixes related to reading corrupted input files

Cary Phillips reports:

Patch release with various bug/sanitizer/security fixes, primarily related to reading corrupted input files[...].


Discovery 2021-02-12
Entry 2021-02-12
ilmbase < 2.5.5
openexr < 2.5.5

https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.5
https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.4
CVE-2021-20296
CVE-2021-3479
CVE-2021-3478
CVE-2021-3477
CVE-2021-3476
CVE-2021-3475
CVE-2021-3474
f2596f27-db4c-11eb-8bc6-c556d71493c9 | openexr v3.0.5 -- fixes miscellaneous security issues

Cary Phillips reports:

  • 1038 fix/extend part number validation in MultiPart methods
  • 1037 verify data size in deepscanlines with NO_COMPRESSION
  • 1036 detect buffer overflows in RleUncompress

Discovery 2021-06-03
Entry 2021-07-02
openexr < 3.0.5

https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.0.5
b6ef8a53-8062-11ec-9af3-fb232efe4d2e | OpenEXR -- Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute

Cary Phillips reports:

[OpenEXR Version 3.1.4 is a] patch release that [...] addresses one public security vulnerability: CVE-2021-45942 Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute [and several] specific OSS-fuzz issues [...].


Discovery 2021-11-26
Entry 2022-01-28
openexr < 3.1.4

CVE-2021-45942
https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.4/CHANGES.md#version-314-january-26-2022
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41999
https://github.com/AcademySoftwareFoundation/openexr/pull/1209