FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  374986
Date:      2014-12-20
Time:      00:21:30Z
Committer: delphij

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
ea2ddc49-3e8e-11e1-8095-5404a67eef98ffmpeg -- multiple vulnerabilities

Ubuntu Security Notice USN-1320-1 reports:

Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4351)

Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed VP3 streams. If a user were tricked into opening a crafted file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4352)

Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed VP5 and VP6 streams. If a user were tricked into opening a crafted file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4353)

It was discovered that FFmpeg incorrectly handled certain malformed VMD files. If a user were tricked into opening a crafted VMD file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4364)

Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed SVQ1 streams. If a user were tricked into opening a crafted SVQ1 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4579)


Discovery 2011-09-14
Entry 2012-01-14
ffmpeg
lt 0.7.11,1

CVE-2011-4351
CVE-2011-4352
CVE-2011-4353
CVE-2011-4364
CVE-2011-4579
http://www.ubuntu.com/usn/usn-1320-1
ea2ddc49-3e8e-11e1-8095-5404a67eef98ffmpeg -- multiple vulnerabilities

Ubuntu Security Notice USN-1320-1 reports:

Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4351)

Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed VP3 streams. If a user were tricked into opening a crafted file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4352)

Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed VP5 and VP6 streams. If a user were tricked into opening a crafted file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4353)

It was discovered that FFmpeg incorrectly handled certain malformed VMD files. If a user were tricked into opening a crafted VMD file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4364)

Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed SVQ1 streams. If a user were tricked into opening a crafted SVQ1 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4579)


Discovery 2011-09-14
Entry 2012-01-14
ffmpeg
lt 0.7.11,1

CVE-2011-4351
CVE-2011-4352
CVE-2011-4353
CVE-2011-4364
CVE-2011-4579
http://www.ubuntu.com/usn/usn-1320-1
6733e1bf-125f-11de-a964-0030843d3802ffmpeg -- 4xm processing memory corruption vulnerability

Secunia reports:

Tobias Klein has reported a vulnerability in FFmpeg, which potentially can be exploited by malicious people to compromise an application using the library.

The vulnerability is caused due to a signedness error within the "fourxm_read_header()" function in libavformat/4xm.c. This can be exploited to corrupt arbitrary memory via a specially crafted 4xm file.


Discovery 2009-01-28
Entry 2009-03-16
ffmpeg
lt 2008.07.27_9

33502
CVE-2009-0385
http://secunia.com/advisories/33711/
http://trapkit.de/advisories/TKADV2009-004.txt
6733e1bf-125f-11de-a964-0030843d3802ffmpeg -- 4xm processing memory corruption vulnerability

Secunia reports:

Tobias Klein has reported a vulnerability in FFmpeg, which potentially can be exploited by malicious people to compromise an application using the library.

The vulnerability is caused due to a signedness error within the "fourxm_read_header()" function in libavformat/4xm.c. This can be exploited to corrupt arbitrary memory via a specially crafted 4xm file.


Discovery 2009-01-28
Entry 2009-03-16
ffmpeg
lt 2008.07.27_9

33502
CVE-2009-0385
http://secunia.com/advisories/33711/
http://trapkit.de/advisories/TKADV2009-004.txt