FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The last vuln.xml file processed by FreshPorts is:
These are the vulnerabilities relating to the commit you have selected:
|e5423caf-8fb8-11e5-918c-bcaec565249c||libxml2 -- multiple vulnerabilities|
CVE-2015-5312 Another entity expansion issue (David Drysdale).
CVE-2015-7497 Avoid a heap buffer overflow in xmlDictComputeFastQKey (David Drysdale).
CVE-2015-7498 Avoid processing entities after encoding conversion failures (Daniel Veillard).
CVE-2015-7499 (1) Add xmlHaltParser() to stop the parser
CVE-2015-7499 (2) Detect incoherency on GROW (Daniel
CVE-2015-7500 Fix memory access error due to incorrect entities boundaries (Daniel Veillard).
CVE-2015-7941 (1) Stop parsing on entities boundaries errors (Daniel Veillard).
CVE-2015-7941 (2) Cleanup conditional section error handling (Daniel Veillard).
CVE-2015-7942 Another variation of overflow in Conditional sections (Daniel Veillard).
CVE-2015-7942 (2) Fix an error in previous Conditional section patch (Daniel Veillard).
CVE-2015-8035 Fix XZ compression support loop
CVE-2015-8242 Buffer overread with HTML parser in push mode (Hugh Davenport)
|efdd0edc-da3d-11e3-9ecb-2c4138874f7d||libxml2 -- entity substitution DoS|
Stefan Cornelius reports:
It was discovered that libxml2, a library providing
support to read, modify and write XML files, incorrectly
performs entity substitution in the doctype prolog, even if
the application using libxml2 disabled any entity
substitution. A remote attacker could provide a
specially-crafted XML file that, when processed, would lead
to the exhaustion of CPU and memory resources or file
This issue was discovered by Daniel Berrange of Red Hat.
|0642b064-56c4-11e4-8b87-bcaec565249c||libxml2 -- Denial of service|
A denial of service flaw was found in libxml2, a library
providing support to read, modify and write XML and HTML
files. A remote attacker could provide a specially crafted
XML file that, when processed by an application using
libxml2, would lead to excessive CPU consumption (denial of
service) based on excessive entity substitutions, even if
entity substitution was disabled, which is the parser default
I found 2 entries for ce4b3af8-0b7c-11e1-846b-00235409fd3e. There should be only one.
|b8ae4659-a0da-11e1-a294-bcaec565249c||libxml2 -- An off-by-one out-of-bounds write by XPointer|
Google Chrome team reports:
An off-by-one out-of-bounds write flaw was found in the way libxml, a library
for providing XML and HTML support, evaluated certain XPointer parts (XPointer
is used by libxml to include only the part from the returned XML document, that
can be accessed using the XPath expression given with the XPointer). A remote
attacker could provide a specially-crafted XML file, which once opened in an
application, linked against libxml, would lead to that application crash, or,
potentially arbitrary code execution with the privileges of the user running
Note: The flaw to be exploited requires the particular application, linked
against libxml, to use the XPointer evaluation functionality.