FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
cf133acc-82e7-4755-a66a-5ddf90dacbe6	graphite2 -- out-of-bounds write with malicious font Mozilla Foundation reports: An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. Discovery 2017-04-19 Entry 2017-04-19 Modified 2017-04-20 graphite2 < 1.3.9_1 linux-c7-graphite2 < 1.3.10 CVE-2017-5436 https://github.com/silnrsi/graphite/commit/1ce331d5548b
adffe823-e692-4921-ae9c-0b825c218372	graphite2 -- multiple vulnerabilities Mozilla Foundation reports: Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts. Security researcher James Clawson used the Address Sanitizer tool to discover an out-of-bounds write in the Graphite 2 library when loading a crafted Graphite font file. This results in a potentially exploitable crash. Discovery 2016-03-08 Entry 2016-03-08 Modified 2016-03-14 graphite2 < 1.3.6 linux-firefox < 45.0,1 linux-thunderbird < 38.7.0 linux-seamonkey < 2.42 https://www.mozilla.org/security/advisories/mfsa2016-37/ https://www.mozilla.org/security/advisories/mfsa2016-38/ CVE-2016-1969 CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802

VuXML ID

Description

cf133acc-82e7-4755-a66a-5ddf90dacbe6

graphite2 -- out-of-bounds write with malicious font

Mozilla Foundation reports:

An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products.

Discovery 2017-04-19
Entry 2017-04-19
Modified 2017-04-20
graphite2

< 1.3.9_1

linux-c7-graphite2

< 1.3.10

CVE-2017-5436
https://github.com/silnrsi/graphite/commit/1ce331d5548b

adffe823-e692-4921-ae9c-0b825c218372

graphite2 -- multiple vulnerabilities

Mozilla Foundation reports:

Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts.

Security researcher James Clawson used the Address Sanitizer tool to discover an out-of-bounds write in the Graphite 2 library when loading a crafted Graphite font file. This results in a potentially exploitable crash.

Discovery 2016-03-08
Entry 2016-03-08
Modified 2016-03-14
graphite2

< 1.3.6

linux-firefox

< 45.0,1

linux-thunderbird

< 38.7.0

linux-seamonkey

< 2.42

https://www.mozilla.org/security/advisories/mfsa2016-37/
https://www.mozilla.org/security/advisories/mfsa2016-38/
CVE-2016-1969
CVE-2016-1977
CVE-2016-2790
CVE-2016-2791
CVE-2016-2792
CVE-2016-2793
CVE-2016-2794
CVE-2016-2795
CVE-2016-2796
CVE-2016-2797
CVE-2016-2798
CVE-2016-2799
CVE-2016-2800
CVE-2016-2801
CVE-2016-2802