FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: d49f86ab-d9c7-11eb-a200-00155d01f201
Description: Exiv2 -- Multiple vulnerabilities

Exiv2 team reports:

Multiple vulnerabilities covering buffer overflows, out-of-bounds, read of uninitialized memory and denial of service.

The heap overflow is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file.

The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file.

The read of uninitialized memory is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to leak a few bytes of stack memory, if they can trick the victim into running Exiv2 on a crafted image file.


Discovery: 2021-04-25
Entry: 2021-06-30
exiv2 lt 0.27.4,1

CVE-2021-29457
https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm
CVE-2021-29458
https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5
CVE-2021-29463
https://github.com/Exiv2/exiv2/security/advisories/GHSA-5p8g-9xf3-gfrr
CVE-2021-29464
https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p
CVE-2021-29470
https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj
CVE-2021-29473
https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2
CVE-2021-29623
https://github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v
CVE-2021-32617
https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj
CVE-2021-3482
https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jp9-m3fv-2vg9