FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  363620
Date:      2014-07-31
Time:      15:23:47Z
Committer: rakuco

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a460035e-d111-11e1-aff7-001fd056c417libjpeg-turbo -- heap-based buffer overflow

The Changelog for version 1.2.1 says: Fixed a regression caused by 1.2.0[6] in which decompressing corrupt JPEG images (specifically, images in which the component count was erroneously set to a large value) would cause libjpeg-turbo to segfault.

A Heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create a specially-crafted JPEG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application.


Discovery 2012-05-31
Entry 2012-07-18
Modified 2012-07-19
libjpeg-turbo
lt 1.2.1

CVE-2012-2806
http://sourceforge.net/projects/libjpeg-turbo/files/1.2.1/README.txt
https://bugzilla.redhat.com/show_bug.cgi?id=826849
a460035e-d111-11e1-aff7-001fd056c417libjpeg-turbo -- heap-based buffer overflow

The Changelog for version 1.2.1 says: Fixed a regression caused by 1.2.0[6] in which decompressing corrupt JPEG images (specifically, images in which the component count was erroneously set to a large value) would cause libjpeg-turbo to segfault.

A Heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create a specially-crafted JPEG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application.


Discovery 2012-05-31
Entry 2012-07-18
Modified 2012-07-19
libjpeg-turbo
lt 1.2.1

CVE-2012-2806
http://sourceforge.net/projects/libjpeg-turbo/files/1.2.1/README.txt
https://bugzilla.redhat.com/show_bug.cgi?id=826849