FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  318853
Date:      2013-05-23
Time:      08:20:48Z
Committer: cs

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
313da7dc-763b-11df-bcce-0018f3e2eb82tiff -- buffer overflow vulnerability

Kevin Finisterre reports:

Multiple integer overflows in the handling of TIFF files may result in a heap buffer overflow. Opening a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution. The issues are addressed through improved bounds checking. Credit to Kevin Finisterre of digitalmunition.com for reporting these issues.


Discovery 2010-04-15
Entry 2010-06-12
tiff
lt 3.9.3

linux-tiff
lt 3.9.3

CVE-2010-1411
http://www.remotesensing.org/libtiff/v3.9.3.html
http://support.apple.com/kb/HT4196
8816bf3a-7929-11df-bcce-0018f3e2eb82tiff -- Multiple integer overflows

Tielei Wang:

Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.


Discovery 2009-05-22
Entry 2010-06-16
tiff
lt 3.9.4

linux-tiff
lt 3.9.4

CVE-2009-2347
http://www.remotesensing.org/libtiff/v3.9.4.html
http://www.ocert.org/advisories/ocert-2009-012.html
313da7dc-763b-11df-bcce-0018f3e2eb82tiff -- buffer overflow vulnerability

Kevin Finisterre reports:

Multiple integer overflows in the handling of TIFF files may result in a heap buffer overflow. Opening a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution. The issues are addressed through improved bounds checking. Credit to Kevin Finisterre of digitalmunition.com for reporting these issues.


Discovery 2010-04-15
Entry 2010-06-12
tiff
lt 3.9.3

linux-tiff
lt 3.9.3

CVE-2010-1411
http://www.remotesensing.org/libtiff/v3.9.3.html
http://support.apple.com/kb/HT4196
68222076-010b-11da-bc08-0001020eed82tiff -- buffer overflow vulnerability

A Gentoo Linux Security Advisory reports:

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a stack based buffer overflow in the libTIFF library when reading a TIFF image with a malformed BitsPerSample tag.

Successful exploitation would require the victim to open a specially crafted TIFF image, resulting in the execution of arbitrary code.


Discovery 2005-05-10
Entry 2005-07-30
Modified 2006-06-08
tiff
lt 3.7.3

linux-tiff
lt 3.6.1_3

pdflib
pdflib-perl
lt 6.0.1_2

gdal
lt 1.2.1_2

ivtools
lt 1.2.3

paraview
lt 2.4.3

fractorama
lt 1.6.7_1

iv
ja-iv
ja-libimg
gt 0

CVE-2005-1544
http://bugzilla.remotesensing.org/show_bug.cgi?id=843
http://www.gentoo.org/security/en/glsa/glsa-200505-07.xml
http://www.remotesensing.org/libtiff/v3.7.3.html
8816bf3a-7929-11df-bcce-0018f3e2eb82tiff -- Multiple integer overflows

Tielei Wang:

Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.


Discovery 2009-05-22
Entry 2010-06-16
tiff
lt 3.9.4

linux-tiff
lt 3.9.4

CVE-2009-2347
http://www.remotesensing.org/libtiff/v3.9.4.html
http://www.ocert.org/advisories/ocert-2009-012.html
68222076-010b-11da-bc08-0001020eed82tiff -- buffer overflow vulnerability

A Gentoo Linux Security Advisory reports:

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a stack based buffer overflow in the libTIFF library when reading a TIFF image with a malformed BitsPerSample tag.

Successful exploitation would require the victim to open a specially crafted TIFF image, resulting in the execution of arbitrary code.


Discovery 2005-05-10
Entry 2005-07-30
Modified 2006-06-08
tiff
lt 3.7.3

linux-tiff
lt 3.6.1_3

pdflib
pdflib-perl
lt 6.0.1_2

gdal
lt 1.2.1_2

ivtools
lt 1.2.3

paraview
lt 2.4.3

fractorama
lt 1.6.7_1

iv
ja-iv
ja-libimg
gt 0

CVE-2005-1544
http://bugzilla.remotesensing.org/show_bug.cgi?id=843
http://www.gentoo.org/security/en/glsa/glsa-200505-07.xml
http://www.remotesensing.org/libtiff/v3.7.3.html