FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  456043
Date:      2017-12-11
Time:      14:53:31Z
Committer: tijl

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
0d724b05-687f-4527-9c03-af34d3b094ecImageMagick -- multiple vulnerabilities

Openwall reports:

Insufficient filtering for filename passed to delegate's command allows remote code execution during conversion of several file formats. Any service which uses ImageMagick to process user supplied images and uses default delegates.xml / policy.xml, may be vulnerable to this issue.

It is possible to make ImageMagick perform a HTTP GET or FTP request

It is possible to delete files by using ImageMagick's 'ephemeral' pseudo protocol which deletes files after reading.

It is possible to move image files to file with any extension in any folder by using ImageMagick's 'msl' pseudo protocol. msl.txt and image.gif should exist in known location - /tmp/ for PoC (in real life it may be web service written in PHP, which allows to upload raw txt files and process images with ImageMagick).

It is possible to get content of the files from the server by using ImageMagick's 'label' pseudo protocol.


Discovery 2016-05-03
Entry 2016-05-06
Modified 2016-05-07
ImageMagick
ImageMagick-nox11
lt 6.9.3.9_1,1

ImageMagick7
ImageMagick7-nox11
ge 7.0.0.0.b20150715 lt 7.0.1.0_1

CVE-2016-3714
CVE-2016-3715
CVE-2016-3716
CVE-2016-3717
CVE-2016-3718
http://www.openwall.com/lists/oss-security/2016/05/03/18
https://imagetragick.com/
10f7f782-901c-11e6-a590-14dae9d210b8ImageMagick -- multiple vulnerabilities

Debian reports:

Various memory handling problems and cases of missing or incomplete input sanitizing may result in denial of service or the execution of arbitrary code if malformed SIXEL, PDB, MAP, SGI, TIFF and CALS files are processed.


Discovery 2016-09-23
Entry 2016-10-12
Modified 2016-10-18
ImageMagick
ImageMagick-nox11
lt 6.9.5.10,1

https://www.debian.org/security/2016/dsa-3675
ports/213032
82b702e0-1907-11e6-857b-00221503d280imagemagick -- buffer overflow

ImageMagick reports:

Fix a buffer overflow in magick/drag.c/DrawStrokePolygon().


Discovery 2016-05-09
Entry 2016-05-13
ImageMagick
ImageMagick-nox11
lt 6.9.4.1,1

ImageMagick7
ImageMagick7-nox11
ge 7.0.0.0.b20150715 lt 7.0.1.3

http://legacy.imagemagick.org/script/changelog.php
19d35b0f-ba73-11e6-b1cf-14dae9d210b8ImageMagick -- heap overflow vulnerability

Bastien Roucaries reports:

Imagemagick before 3cbfb163cff9e5b8cdeace8312e9bfee810ed02b suffer from a heap overflow in WaveletDenoiseImage(). This problem is easily trigerrable from a Perl script.


Discovery 2016-11-13
Entry 2016-12-04
ImageMagick
ImageMagick-nox11
lt 6.9.6.4,1

ImageMagick7
ImageMagick7-nox11
lt 7.0.3.7

http://seclists.org/oss-sec/2016/q4/413
https://github.com/ImageMagick/ImageMagick/issues/296
CVE-2016-9298
ports/214517
ports/214511
ports/214520
50776801-4183-11e7-b291-b499baebfeafImageMagick -- multiple vulnerabilities

Please reference CVE/URL list for details


Discovery 2017-03-05
Entry 2017-05-25
Modified 2017-05-29
ImageMagick
ImageMagick-nox11
lt 6.9.6.4_2,1

ge 6.9.7.0,1 lt 6.9.8.8,1

ImageMagick7
ImageMagick7-nox11
lt 7.0.5.9

https://nvd.nist.gov/vuln/search/results?query=ImageMagick
CVE-2017-5506
CVE-2017-5507
CVE-2017-5508
CVE-2017-5509
CVE-2017-5510
CVE-2017-5511
CVE-2017-6497
CVE-2017-6498
CVE-2017-6499
CVE-2017-6500
CVE-2017-6501
CVE-2017-6502
CVE-2017-7275
CVE-2017-7606
CVE-2017-7619
CVE-2017-7941
CVE-2017-7942
CVE-2017-7943
CVE-2017-8343
CVE-2017-8344
CVE-2017-8345
CVE-2017-8346
CVE-2017-8347
CVE-2017-8348
CVE-2017-8349
CVE-2017-8350
CVE-2017-8351
CVE-2017-8352
CVE-2017-8353
CVE-2017-8354
CVE-2017-8355
CVE-2017-8356
CVE-2017-8357
CVE-2017-8765
CVE-2017-8830
CVE-2017-9141
CVE-2017-9142
CVE-2017-9143
CVE-2017-9144