FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
92442c4b-6f4a-11db-bd28-0012f06707f0  Imlib2 -- multiple image file processing vulnerabilities

Secunia reports:

Some vulnerabilities have been reported in imlib2, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

The vulnerabilities are caused due to unspecified errors within the processing of JPG, ARGB, PNG, LBM, PNM, TIFF, and TGA images. This may be exploited to execute arbitrary code by e.g. tricking a user into opening a specially crafted image file with an application using imlib2.


Discovery 2006-11-03
Entry 2006-11-08
imlib2
< 20060926_1,1

20903
CVE-2006-4806
CVE-2006-4807
CVE-2006-4808
CVE-2006-4809

ba005226-fb5b-11d8-9837-000c41e2cdad  imlib2 -- BMP decoder buffer overflow

Marcus Meissner discovered that imlib2's BMP decoder would crash when loading the test BMP file created by Chris Evans for testing the previous Qt vulnerability. There appears to be both a stack-based and a heap-based buffer overflow that are believed to be exploitable for arbitrary code execution.


Discovery 2004-08-31
Entry 2004-08-31
imlib2
<= 1.1.1

CVE-2004-0802
http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/libs/imlib2/ChangeLog?rev=1.20&view=markup

910486d5-ba4d-11dd-8f23-0019666436c2  imlib2 -- XPM processing buffer overflow vulnerability

Secunia reports:

A vulnerability has been discovered in imlib2, which can be exploited by malicious people to potentially compromise an application using the library.

The vulnerability is caused due to a pointer arithmetic error within the "load()" function provided by the XPM loader. This can be exploited to cause a heap-based buffer overflow via a specially crafted XPM file.

Successful exploitation may allow execution of arbitrary code.


Discovery 2008-11-20
Entry 2008-11-24
imlib2
imlib2-nox11
< 1.4.1.000_1,2

32371
CVE-2008-5187
http://secunia.com/Advisories/32796/
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505714#15
http://bugzilla.enlightenment.org/show_bug.cgi?id=547

99d3a8a5-c13c-11e5-96d6-14dae9d210b8  imlib2 -- denial of service vulnerabilities

Enlightenment reports:

GIF loader: Fix segv on images without colormap

Prevent division-by-zero crashes.

Fix segfault when opening input/queue/id:000007,src:000000,op:flip1,pos:51 with feh


Discovery 2013-12-21
Entry 2016-01-22
imlib2
< 1.4.7

https://git.enlightenment.org/legacy/imlib2.git/tree/ChangeLog
http://seclists.org/oss-sec/2016/q1/162
CVE-2014-9762
CVE-2014-9763
CVE-2014-9764

2001103a-6bbd-11d9-851d-000a95bc6fae  imlib -- xpm heap buffer overflows and integer overflows

Pavel Kankovsky reports:

Imlib affected by a variant of CAN-2004-0782 too.

I've discovered more vulnerabilities in Imlib (1.9.13). In particular, it appears to be affected by a variant of Chris Evans' libXpm flaw #1 (CAN-2004-0782, see http://scary.beasts.org/security/CESA-2004-003.txt). Look at the attached image, it kills ee on my 7.3.

The flaws also affect imlib2.


Discovery 2004-12-06
Entry 2005-01-21
imlib
< 1.9.15_2

imlib2
< 1.1.2_1

CVE-2004-1025
CVE-2004-1026
11830
https://bugzilla.fedora.us/show_bug.cgi?id=2051#c11
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=138516
http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/libs/imlib2/src/modules/loaders/loader_xpm.c#rev1.3