FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
8fedf75c-ef2f-11e6-900e-003048f78448 | optipng -- multiple vulnerabilities
ifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file.
The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.
Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file.
Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.
Discovery 2015-10-09 Entry 2017-02-16 optipng
< 0.7.6
CVE-2015-7802
CVE-2016-2191
CVE-2016-3981
CVE-2016-3982
|
bab05188-5d4b-11e5-9ad8-14dae9d210b8 | optipng -- use-after-free vulnerability
Gustavo Grieco reports:
We found a use-after-free causing an invalid/double free in
optipng 0.6.4.
Discovery 2015-09-16 Entry 2015-09-17 Modified 2015-10-14 optipng
le 0.6.5
http://seclists.org/oss-sec/2015/q3/556
CVE-2015-7801
|
fe7ac70a-792b-11ee-bf9a-a04a5edf46d9 | PptiPNG -- Global-buffer-overflow
Frank-Z7 reports:
Running optipng with the "-zm 3 -zc 1 -zw 256 -snip -out"
configuration options enabled raises a global-buffer-overflow bug,
which could allow a remote attacker to conduct a denial-of-service
attack or other unspecified effect on a crafted file.
Discovery 2023-09-30 Entry 2023-11-02 optipng
< 0.7.7_1
CVE-2023-43907
https://nvd.nist.gov/vuln/detail/CVE-2023-43907
|