FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
b48e7b14-052a-11ea-a1de-53b029d2b061libmad -- multiple vulnerabilities

National Vulnerability Database:

CVE-2017-8372: The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file.

CVE-2017-8373: The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.

CVE-2017-8374: The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.


Discovery 2017-04-30
Entry 2019-11-13
libmad
lt 0.15.1b_7

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508133#15
https://nvd.nist.gov/vuln/detail/CVE-2017-8372
https://nvd.nist.gov/vuln/detail/CVE-2017-8373
https://nvd.nist.gov/vuln/detail/CVE-2017-8374
https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/
https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_layer_iii-layer3-c/
https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_bit_skip-bit-c/
CVE-2017-8372
CVE-2017-8373
CVE-2017-8374