FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
11dc3890-0e64-11e8-99b0-d017c2987f9aOpenJPEG -- multiple vulnerabilities

OpenJPEG reports:

Multiple vulnerabilities have been found in OpenJPEG, the opensource JPEG 2000 codec. Please consult the CVE list for further details.

CVE-2017-17479 and CVE-2017-17480 were fixed in r477112.

CVE-2018-5785 was fixed in r480624.

CVE-2018-6616 was fixed in r489415.


Discovery 2017-12-08
Entry 2018-07-27
Modified 2019-02-11
openjpeg
< 2.3.0_3

https://nvd.nist.gov/vuln/detail/CVE-2017-17479
https://nvd.nist.gov/vuln/detail/CVE-2017-17480
https://nvd.nist.gov/vuln/detail/CVE-2018-5785
https://nvd.nist.gov/vuln/detail/CVE-2018-6616
CVE-2017-17479
CVE-2017-17480
CVE-2018-5785
CVE-2018-6616
a233d51f-5d4c-11e5-9ad8-14dae9d210b8openjpeg -- use-after-free vulnerability

Feist Josselin reports:

Use-after-free was found in openjpeg. The vuln is fixed in version 2.1.1 and was located in opj_j2k_write_mco function.


Discovery 2015-08-14
Entry 2015-09-17
openjpeg
< 2.1.1

http://seclists.org/oss-sec/2015/q3/550
https://github.com/uclouvain/openjpeg/issues/563
02db20d7-e34a-11e3-bd92-bcaec565249copenjpeg -- Multiple vulnerabilities

Openjpeg release notes report:

That CVE-2012-3535 and CVE-2012-3358 are fixed in the 1.5.1 release.

That CVE-2013-4289, CVE-2013-4290, CVE-2013-1447, CVE-2013-6045, CVE-2013-6052, CVE-2013-6054, CVE-2013-6053, CVE-2013-6887, where fixed in the 1.5.2 release.


Discovery 2012-05-13
Entry 2014-05-24
openjpeg
< 1.5.2

CVE-2012-3358
CVE-2012-3535
CVE-2013-1447
CVE-2013-4289
CVE-2013-4290
CVE-2013-6045
CVE-2013-6052
CVE-2013-6053
CVE-2013-6054
CVE-2013-6887
http://openjpeg.googlecode.com/svn/tags/version.1.5.1/NEWS
http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS
b7d56d0b-7a11-11e6-af78-589cfc0654e1openjpeg -- multiple vulnerabilities

Tencent's Xuanwu LAB reports:

A Heap Buffer Overflow (Out-of-Bounds Write) issue was found in function opj_dwt_interleave_v of dwt.c. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenJPEG.

An integer overflow issue exists in function opj_pi_create_decode of pi.c. It can lead to Out-Of-Bounds Read and Out-Of-Bounds Write in function opj_pi_next_cprl of pi.c (function opj_pi_next_lrcp, opj_pi_next_rlcp, opj_pi_next_rpcl, opj_pi_next_pcrl may also be vulnerable). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenJPEG.


Discovery 2016-09-08
Entry 2016-10-11
openjpeg
< 2.1.1_1

"http://www.openwall.com/lists/oss-security/2016/09/08/2"
"http://www.openwall.com/lists/oss-security/2016/09/08/3"
CVE-2016-5157
CVE-2016-7163
5efd7a93-2dfb-11e9-9549-e980e869c2e9OpenJPEG -- integer overflow

NVD reports:

In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.


Discovery 2017-12-08
Entry 2019-02-11
Modified 2019-03-29
openjpeg
< 2.3.0_4

https://nvd.nist.gov/vuln/detail/CVE-2018-5727
https://github.com/uclouvain/openjpeg/issues/1053
CVE-2018-5727