FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 10:45:39 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
faf7c1d0-f5bb-47b4-a6a8-ef57317b9766	ffmpeg -- multiple vulnerabilities NVD reports: An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability. A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash. A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543. Discovery 2022-11-12 Entry 2023-04-07 Modified 2023-04-10 ffmpeg ge 5.1,1 lt 5.1.3,1 ge 5.0,1 lt 5.0.3,1 < 4.4.4,1 ffmpeg4 < 4.4.4 avidemux le 2.9 emby-server emby-server-devel ge 0 handbrake < 1.6.0 mythtv mythtv-frontend le 33.0,1 CVE-2022-3109 CVE-2022-3341 CVE-2022-3964 https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/2cdddcd6ec90c7a248ffe792d85faa4d89eab9f7 https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/481e81be1271ac9a0124ee615700390c2371bd89 https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/1eb002596e3761d88de4aeea3158692b82fb6307 https://ffmpeg.org/security.html
5ccbb2f8-c798-11e7-a633-009c02a2ab30	ffmpeg -- multiple vulnerabilities MITRE reports: Multiple vulnerabilities have been found in FFmpeg. Please refer to CVE list for details. Note: CVE-2017-15186 and CVE-2017-15672 affect only the 3.3 branch before 3.3.5, CVE-2017-16840 and CVE-2017-17081 have been fixed in 3.4.1. They're listed here for completeness of the record. Discovery 2017-10-09 Entry 2018-07-27 ffmpeg < 3.3.5_1,1 ge 3.4,1 le 3.4.1_4,1 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15186 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15672 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16840 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17081 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6392 http://ffmpeg.org/security.html CVE-2017-15186 CVE-2017-15672 CVE-2017-16840 CVE-2017-17081 CVE-2018-6392

VuXML ID

Description

faf7c1d0-f5bb-47b4-a6a8-ef57317b9766

ffmpeg -- multiple vulnerabilities

NVD reports:

An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availability.

A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash.

A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543.

Discovery 2022-11-12
Entry 2023-04-07
Modified 2023-04-10
ffmpeg

ge 5.1,1 lt 5.1.3,1

ge 5.0,1 lt 5.0.3,1

< 4.4.4,1

ffmpeg4

< 4.4.4

avidemux

le 2.9

emby-server
emby-server-devel

ge 0

handbrake

< 1.6.0

mythtv
mythtv-frontend

le 33.0,1

CVE-2022-3109
CVE-2022-3341
CVE-2022-3964
https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/2cdddcd6ec90c7a248ffe792d85faa4d89eab9f7
https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/481e81be1271ac9a0124ee615700390c2371bd89
https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/1eb002596e3761d88de4aeea3158692b82fb6307
https://ffmpeg.org/security.html

5ccbb2f8-c798-11e7-a633-009c02a2ab30

ffmpeg -- multiple vulnerabilities

MITRE reports:

Multiple vulnerabilities have been found in FFmpeg. Please refer to CVE list for details.

Note: CVE-2017-15186 and CVE-2017-15672 affect only the 3.3 branch before 3.3.5, CVE-2017-16840 and CVE-2017-17081 have been fixed in 3.4.1. They're listed here for completeness of the record.

Discovery 2017-10-09
Entry 2018-07-27
ffmpeg

< 3.3.5_1,1

ge 3.4,1 le 3.4.1_4,1

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15672
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6392
http://ffmpeg.org/security.html
CVE-2017-15186
CVE-2017-15672
CVE-2017-16840
CVE-2017-17081
CVE-2018-6392