FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  318877
Date:      2013-05-23
Time:      15:30:07Z
Committer: flo

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
6733e1bf-125f-11de-a964-0030843d3802	ffmpeg -- 4xm processing memory corruption vulnerability Secunia reports: Tobias Klein has reported a vulnerability in FFmpeg, which potentially can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to a signedness error within the "fourxm_read_header()" function in libavformat/4xm.c. This can be exploited to corrupt arbitrary memory via a specially crafted 4xm file. Discovery 2009-01-28 Entry 2009-03-16 ffmpeg lt 2008.07.27_9 33502 CVE-2009-0385 http://secunia.com/advisories/33711/ http://trapkit.de/advisories/TKADV2009-004.txt
ea2ddc49-3e8e-11e1-8095-5404a67eef98	ffmpeg -- multiple vulnerabilities Ubuntu Security Notice USN-1320-1 reports: Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4351) Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed VP3 streams. If a user were tricked into opening a crafted file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4352) Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed VP5 and VP6 streams. If a user were tricked into opening a crafted file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4353) It was discovered that FFmpeg incorrectly handled certain malformed VMD files. If a user were tricked into opening a crafted VMD file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4364) Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed SVQ1 streams. If a user were tricked into opening a crafted SVQ1 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4579) Discovery 2011-09-14 Entry 2012-01-14 ffmpeg lt 0.7.11,1 CVE-2011-4351 CVE-2011-4352 CVE-2011-4353 CVE-2011-4364 CVE-2011-4579 http://www.ubuntu.com/usn/usn-1320-1
6733e1bf-125f-11de-a964-0030843d3802	ffmpeg -- 4xm processing memory corruption vulnerability Secunia reports: Tobias Klein has reported a vulnerability in FFmpeg, which potentially can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to a signedness error within the "fourxm_read_header()" function in libavformat/4xm.c. This can be exploited to corrupt arbitrary memory via a specially crafted 4xm file. Discovery 2009-01-28 Entry 2009-03-16 ffmpeg lt 2008.07.27_9 33502 CVE-2009-0385 http://secunia.com/advisories/33711/ http://trapkit.de/advisories/TKADV2009-004.txt
ea2ddc49-3e8e-11e1-8095-5404a67eef98	ffmpeg -- multiple vulnerabilities Ubuntu Security Notice USN-1320-1 reports: Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4351) Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed VP3 streams. If a user were tricked into opening a crafted file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4352) Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed VP5 and VP6 streams. If a user were tricked into opening a crafted file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4353) It was discovered that FFmpeg incorrectly handled certain malformed VMD files. If a user were tricked into opening a crafted VMD file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4364) Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed SVQ1 streams. If a user were tricked into opening a crafted SVQ1 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4579) Discovery 2011-09-14 Entry 2012-01-14 ffmpeg lt 0.7.11,1 CVE-2011-4351 CVE-2011-4352 CVE-2011-4353 CVE-2011-4364 CVE-2011-4579 http://www.ubuntu.com/usn/usn-1320-1