FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  452616
Date:      2017-10-21
Time:      23:01:18Z
Committer: cpm

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
803879e9-4195-11e7-9b08-080027ef73ecOpenEXR -- multiple remote code execution and denial of service vulnerabilities

Brandon Perry reports:

[There] is a zip file of EXR images that cause segmentation faults in the OpenEXR library (tested against 2.2.0).

  • CVE-2017-9110 In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.
  • CVE-2017-9111 In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.
  • CVE-2017-9112 In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ImfHuf.cpp could cause the application to crash.
  • CVE-2017-9113 In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.
  • CVE-2017-9114 In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ImfFastHuf.cpp could cause the application to crash.
  • CVE-2017-9115 In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.
  • CVE-2017-9116 In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function in ImfZip.cpp could cause the application to crash.

Discovery 2017-01-12
Entry 2017-05-25
OpenEXR
lt 2.2.1

http://www.openwall.com/lists/oss-security/2017/05/12/5
CVE-2017-9110
CVE-2017-9111
CVE-2017-9112
CVE-2017-9113
CVE-2017-9114
CVE-2017-9115
CVE-2017-9116
https://github.com/openexr/openexr/issues/232