FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  351364
Date:      2014-04-15
Time:      20:21:44Z
Committer: swills

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
da5c4072-8082-11dd-9c8c-001c2514716cclamav -- CHM Processing Denial of Service

Hanno Boeck reports:

A fuzzing test showed weakness in the chm parser of clamav, which can possibly be exploited. The clamav team has disabled the chm module in older versions though freshclam updates and has released 0.94 with a fixed parser.


Discovery 2008-07-09
Entry 2008-09-12
clamav
lt 0.94

clamav-devel
lt 20080902

CVE-2008-1389
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089
eb12ebee-b7af-11e1-b5e0-000c299b62e1clamav -- multiple vulnerabilities

MITRE Advisories report:

The TAR parser allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence.

The TAR parser allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size.

The Microsoft CHM file parser allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file.

The TAR file parser allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header ofxi the next entry.


Discovery 2012-03-19
Entry 2012-06-16
clamav
lt 0.97.5

clamav-devel
lt 20120612

CVE-2012-1419
CVE-2012-1457
CVE-2012-1458
CVE-2012-1459
da5c4072-8082-11dd-9c8c-001c2514716cclamav -- CHM Processing Denial of Service

Hanno Boeck reports:

A fuzzing test showed weakness in the chm parser of clamav, which can possibly be exploited. The clamav team has disabled the chm module in older versions though freshclam updates and has released 0.94 with a fixed parser.


Discovery 2008-07-09
Entry 2008-09-12
clamav
lt 0.94

clamav-devel
lt 20080902

CVE-2008-1389
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089
24b64fb0-af1d-11dd-8a16-001b1116b350clamav -- off-by-one heap overflow in VBA project parser

Advisory from Moritz Jodeit, November 8th, 2008:

ClamAV contains an off-by-one heap overflow vulnerability in the code responsible for parsing VBA project files. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the `clamd' process by sending an email with a prepared attachment.

A VBA project file embedded inside an OLE2 office document send as an attachment can trigger the off-by-one.

Entry from Thu Oct 30 13:52:42 CET 2008 (acab) in ChangeLog:

libclamav/vba_extract.c: get_unicode_name off-by-one, bb#1239 reported by Moritz Jodeit >moritz*jodeit.org<


Discovery 2008-11-08
Entry 2008-11-10
clamav
lt 0.94.1

clamav-devel
lt 20081105

http://www.securityfocus.com/archive/1/498169/30/0/threaded
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog
CVE-2008-5050
eb12ebee-b7af-11e1-b5e0-000c299b62e1clamav -- multiple vulnerabilities

MITRE Advisories report:

The TAR parser allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence.

The TAR parser allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size.

The Microsoft CHM file parser allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file.

The TAR file parser allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header ofxi the next entry.


Discovery 2012-03-19
Entry 2012-06-16
clamav
lt 0.97.5

clamav-devel
lt 20120612

CVE-2012-1419
CVE-2012-1457
CVE-2012-1458
CVE-2012-1459
24b64fb0-af1d-11dd-8a16-001b1116b350clamav -- off-by-one heap overflow in VBA project parser

Advisory from Moritz Jodeit, November 8th, 2008:

ClamAV contains an off-by-one heap overflow vulnerability in the code responsible for parsing VBA project files. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the `clamd' process by sending an email with a prepared attachment.

A VBA project file embedded inside an OLE2 office document send as an attachment can trigger the off-by-one.

Entry from Thu Oct 30 13:52:42 CET 2008 (acab) in ChangeLog:

libclamav/vba_extract.c: get_unicode_name off-by-one, bb#1239 reported by Moritz Jodeit >moritz*jodeit.org<


Discovery 2008-11-08
Entry 2008-11-10
clamav
lt 0.94.1

clamav-devel
lt 20081105

http://www.securityfocus.com/archive/1/498169/30/0/threaded
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog
CVE-2008-5050