FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  452465
Date:      2017-10-19
Time:      19:59:15Z
Committer: swills

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
006e3b7c-d7d7-11e5-b85f-0018fe623f2bjasper -- multiple vulnerabilities

oCERT reports:

The library is affected by a double-free vulnerability in function jas_iccattrval_destroy() as well as a heap-based buffer overflow in function jp2_decode(). A specially crafted jp2 file can be used to trigger the vulnerabilities.

oCERT reports:

The library is affected by an off-by-one error in a buffer boundary check in jpc_dec_process_sot(), leading to a heap based buffer overflow, as well as multiple unrestricted stack memory use issues in jpc_qmfb.c, leading to stack overflow. A specially crafted jp2 file can be used to trigger the vulnerabilities.

oCERT reports:

Multiple off-by-one flaws, leading to heap-based buffer overflows, were found in the way JasPer decoded JPEG 2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.

limingxing reports:

A vulnerability was found in the way the JasPer's jas_matrix_clip() function parses certain JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.


Discovery 2014-12-10
Entry 2016-02-20
Modified 2016-02-24
jasper
lt 1.900.1_16

http://www.ocert.org/advisories/ocert-2014-012.html
https://bugzilla.redhat.com/show_bug.cgi?id=1173157
https://bugzilla.redhat.com/show_bug.cgi?id=1173162
http://www.ocert.org/advisories/ocert-2015-001.html
https://bugzilla.redhat.com/show_bug.cgi?id=1179282
http://www.ocert.org/advisories/ocert-2014-009.html
https://bugzilla.redhat.com/show_bug.cgi?id=1167537
http://seclists.org/oss-sec/2016/q1/233
https://bugzilla.redhat.com/show_bug.cgi?id=1302636
CVE-2014-8137
CVE-2014-8138
CVE-2014-8157
CVE-2014-8158
CVE-2014-9029
CVE-2016-2089
8ff84335-a7da-11e2-b3f5-003067c2616fjasper -- buffer overflow

Fedora reports:

JasPer fails to properly decode marker segments and other sections in malformed JPEG2000 files. Malformed inputs can cause heap buffer overflows which in turn may result in execution of attacker-controlled code.


Discovery 2011-12-09
Entry 2013-04-18
jasper
lt 1.900.1_12

CVE-2008-3520
CVE-2008-3522
CVE-2011-4516
CVE-2011-4517
http://www.kb.cert.org/vuls/id/887409
f1692469-45ce-11e5-adde-14dae9d210b8jasper -- multiple vulnerabilities

Martin Prpic reports:

A double free flaw was found in the way JasPer's jasper_image_stop_load() function parsed certain JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.

Feist Josselin reports:

A new use-after-free was found in Jasper JPEG-200. The use-after-free appears in the function mif_process_cmpt of the src/libjasper/mif/mif_cod.c file.


Discovery 2015-08-17
Entry 2015-08-18
Modified 2016-02-24
jasper
lt 1.900.1_16

https://bugzilla.redhat.com/show_bug.cgi?id=1254242#c0
http://seclists.org/oss-sec/2015/q3/366
http://seclists.org/oss-sec/2015/q3/408
CVE-2015-5203
CVE-2015-5221