FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
d881d254-70c6-11e2-862d-080027a5ec9alibexif -- multiple remote vulnerabilities

libexif project security advisory:

A number of remotely exploitable issues were discovered in libexif and exif, with effects ranging from information leakage to potential remote code execution.


Discovery 2012-07-12
Entry 2013-03-13
libexif
< 0.6.21

CVE-2012-2812
CVE-2012-2813
CVE-2012-2814
CVE-2012-2836
CVE-2012-2837
CVE-2012-2840
CVE-2012-2841
CVE-2012-2845
54437
cff0b2e2-0716-11eb-9e5d-08002728f74clibexif -- multiple vulnerabilities

Release notes:

Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others:

CVE-2016-6328: fixed integer overflow when parsing maker notes

CVE-2017-7544: fixed buffer overread

CVE-2018-20030: Fix for recursion DoS

CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs

CVE-2020-0093: read overflow

CVE-2020-12767: fixed division by zero

CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes

CVE-2020-13113: Potential use of uninitialized memory

CVE-2020-13114: Time consumption DoS when parsing canon array markers


Discovery 2020-05-18
Entry 2020-10-05
libexif
< 0.6.22

https://github.com/libexif/libexif/blob/master/NEWS
CVE-2016-6328
CVE-2017-7544
CVE-2018-20030
CVE-2019-9278
CVE-2020-0093
CVE-2020-12767
CVE-2020-13112
CVE-2020-13113
CVE-2020-13114
00f30cba-4d23-11ea-86ba-641c67a117d8libexif -- privilege escalation

Mitre reports:

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation.


Discovery 2019-02-06
Entry 2020-02-11
libexif
< 0.6.21_5

CVE-2019-9278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278
https://security-tracker.debian.org/tracker/CVE-2019-9278
https://seclists.org/bugtraq/2020/Feb/9
https://github.com/libexif/libexif/issues/26
624fe633-9006-11d9-a22c-0001020eed82libexif -- buffer overflow vulnerability

Sylvain Defresne reports that libexif is vulnerable to a buffer overflow vulnerability due to insufficient input checking. This could lead crash of applications using libexif.


Discovery 2005-03-03
Entry 2005-03-08
libexif
< 0.6.10_1

12744
CVE-2005-0664
https://bugzilla.ubuntulinux.org/show_bug.cgi?id=7152