FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  459791
Date:      2018-01-23
Time:      18:43:33Z
Committer: jbeich

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
1886e195-8b87-11e5-90e7-b499baebfeaflibpng buffer overflow in png_set_PLTE

libpng reports:

CVE for a vulnerability in libpng, all versions, in the png_set_PLTE/png_get_PLTE functions. These functions failed to check for an out-of-range palette when reading or writing PNG files with a bit_depth less than 8. Some applications might read the bit depth from the IHDR chunk and allocate memory for a 2^N entry palette, while libpng can return a palette with up to 256 entries even when the bit depth is less than 8.

Discovery 2015-11-15
Entry 2015-11-15
Modified 2015-12-08
lt 1.6.20
c564f9bd-8ba7-11e4-801f-0022156e8794png -- heap overflow for 32-bit builds

32-bit builds of PNG library are vulnerable to an unsigned integer overflow that is triggered by a crafted wide interlaced images. Overflow results in a heap corruption that will crash the application and may lead to the controlled overwrite of a selected portions of process address space.

Discovery 2014-12-23
Entry 2015-01-05
ge 1.2.6 lt 1.5.21

ge 1.6 lt 1.6.16
262b92fe-81c8-11e1-8899-001ec9578670png -- memory corruption/possible remote code execution

The PNG project reports:

libpng fails to correctly handle malloc() failures for text chunks (in png_set_text_2()), which can lead to memory corruption and the possibility of remote code execution.

Discovery 2012-03-29
Entry 2012-04-08
lt 1.4.11