FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VuXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC.

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description

bd349f7a-b3b9-11e5-8255-5453ed2e2b49 | tiff -- out-of-bounds read in tif_getimage.c

LMX of Qihoo 360 Codesafe Team discovered an out-of-bounds read in tif_getimage.c. An attacker could create a specially-crafted TIFF file that could cause libtiff to crash.


Discovery 2015-12-24
Entry 2016-01-05
Modified 2016-09-06
tiff < 4.0.6_1
linux-c6-tiff < 3.9.4_2
linux-f10-tiff ge *

CVE-2015-8665
http://www.openwall.com/lists/oss-security/2015/12/24/2

b65e4914-b3bc-11e5-8255-5453ed2e2b49 | tiff -- out-of-bounds read in CIE Lab image format

zzf of Alibaba discovered an out-of-bounds vulnerability in the code processing the LogLUV and CIE Lab image format files. An attacker could create a specially-crafted TIFF file that could cause libtiff to crash.


Discovery 2015-12-25
Entry 2016-01-05
Modified 2016-09-06
tiff < 4.0.6_1
linux-c6-tiff < 3.9.4_2
linux-f10-tiff ge *

CVE-2015-8683
http://www.openwall.com/lists/oss-security/2015/12/25/2

0ab66088-4aa5-11e6-a7bd-14dae9d210b8 | tiff -- buffer overflow

Mathias Svensson reports:

potential buffer write overrun in PixarLogDecode() on corrupted/unexpected images


Discovery 2016-06-28
Entry 2016-07-15
Modified 2016-09-06
tiff < 4.0.6_2
linux-c6-tiff < 3.9.4_2
linux-f10-tiff ge *

https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2
CVE-2016-5314
CVE-2016-5320
CVE-2016-5875

8816bf3a-7929-11df-bcce-0018f3e2eb82 | tiff -- Multiple integer overflows

Tielei Wang:

Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.


Discovery 2009-05-22
Entry 2010-06-16
tiff < 3.9.4
linux-tiff, linux-f10-tiff < 3.9.4

CVE-2009-2347
http://www.remotesensing.org/libtiff/v3.9.4.html
http://www.ocert.org/advisories/ocert-2009-012.html

2a96e498-3234-4950-a9ad-419bc84a839d | tiff -- multiple vulnerabilities

NVD reports:

Please reference CVE/URL list for details


Discovery 2017-04-01
Entry 2017-04-20
tiff, linux-f8-tiff, linux-f10-tiff, linux-c6-tiff, linux-c7-tiff < 4.0.8

CVE-2017-5225
CVE-2017-7592
CVE-2017-7593
CVE-2017-7594
CVE-2017-7595
CVE-2017-7596
CVE-2017-7597
CVE-2017-7598
CVE-2017-7599
CVE-2017-7600
CVE-2017-7601
CVE-2017-7602
https://github.com/vadz/libtiff/commit/5c080298d59e
https://github.com/vadz/libtiff/commit/48780b4fcc42
https://github.com/vadz/libtiff/commit/d60332057b95
https://github.com/vadz/libtiff/commit/2ea32f7372b6
https://github.com/vadz/libtiff/commit/8283e4d1b7e5
https://github.com/vadz/libtiff/commit/47f2fb61a3a6
https://github.com/vadz/libtiff/commit/3cfd62d77c2a
https://github.com/vadz/libtiff/commit/3144e57770c1
https://github.com/vadz/libtiff/commit/0a76a8c765c7
https://github.com/vadz/libtiff/commit/66e7bd595209