FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  452696
Date:      2017-10-23
Time:      08:57:11Z
Committer: brnrd

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
48aab1d0-4252-11de-b67a-0030843d3802libwmf -- integer overflow vulnerability

Secunia reports:

infamous41md has reported a vulnerability in libwmf, which potentially can be exploited by malicious people to compromise an application using the vulnerable library.

The vulnerability is caused due to an integer overflow error when allocating memory based on a value taken directly from a WMF file without performing any checks. This can be exploited to cause a heap-based buffer overflow when a specially crafted WMF file is processed.


Discovery 2006-07-03
Entry 2009-05-16
libwmf
lt 0.2.8.4_3

18751
CVE-2006-3376
http://secunia.com/advisories/20921/
48aab1d0-4252-11de-b67a-0030843d3802libwmf -- integer overflow vulnerability

Secunia reports:

infamous41md has reported a vulnerability in libwmf, which potentially can be exploited by malicious people to compromise an application using the vulnerable library.

The vulnerability is caused due to an integer overflow error when allocating memory based on a value taken directly from a WMF file without performing any checks. This can be exploited to cause a heap-based buffer overflow when a specially crafted WMF file is processed.


Discovery 2006-07-03
Entry 2009-05-16
libwmf
lt 0.2.8.4_3

18751
CVE-2006-3376
http://secunia.com/advisories/20921/
ca139c7f-2a8c-11e5-a4a5-002590263bf5libwmf -- multiple vulnerabilities

Mitre reports:

Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990.

Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.

The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng.

Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact.

The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.

The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.

Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.

meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file.

Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command.

Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file.


Discovery 2004-10-12
Entry 2015-07-15
libwmf
lt 0.2.8.4_14

11663
22289
24089
24651
36712
ports/201513
CVE-2004-0941
CVE-2007-0455
CVE-2007-2756
CVE-2007-3472
CVE-2007-3473
CVE-2007-3477
CVE-2009-3546
CVE-2015-0848
CVE-2015-4695
CVE-2015-4696
CVE-2015-4588
6a245f31-4254-11de-b67a-0030843d3802libwmf -- embedded GD library Use-After-Free vulnerability

Secunia reports:

A vulnerability has been reported in libwmf, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.

The vulnerability is caused due to a use-after-free error within the embedded GD library, which can be exploited to cause a crash or potentially to execute arbitrary code via a specially crafted WMF file.


Discovery 2009-05-05
Entry 2009-05-16
libwmf
lt 0.2.8.4_3

34792
CVE-2009-1364
https://bugzilla.redhat.com/show_bug.cgi?id=496864
https://rhn.redhat.com/errata/RHSA-2009-0457.html
http://secunia.com/advisories/34901/
6a245f31-4254-11de-b67a-0030843d3802libwmf -- embedded GD library Use-After-Free vulnerability

Secunia reports:

A vulnerability has been reported in libwmf, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.

The vulnerability is caused due to a use-after-free error within the embedded GD library, which can be exploited to cause a crash or potentially to execute arbitrary code via a specially crafted WMF file.


Discovery 2009-05-05
Entry 2009-05-16
libwmf
lt 0.2.8.4_3

34792
CVE-2009-1364
https://bugzilla.redhat.com/show_bug.cgi?id=496864
https://rhn.redhat.com/errata/RHSA-2009-0457.html
http://secunia.com/advisories/34901/