FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  514783
Date:      2019-10-19
Time:      09:52:18Z
Committer: wen

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
2001103a-6bbd-11d9-851d-000a95bc6fae    imlib -- xpm heap buffer overflows and integer overflows

Pavel Kankovsky reports:

Imlib affected by a variant of CAN-2004-0782 too.

I've discovered more vulnerabilities in Imlib (1.9.13). In particular, it appears to be affected by a variant of Chris Evans' libXpm flaw #1 (CAN-2004-0782, see http://scary.beasts.org/security/CESA-2004-003.txt). Look at the attached image, it kills ee on my 7.3.

The flaws also affect imlib2.


Discovery 2004-12-06
Entry 2005-01-21
imlib < 1.9.15_2
imlib2 < 1.1.2_1

CVE-2004-1025
CVE-2004-1026
11830
https://bugzilla.fedora.us/show_bug.cgi?id=2051#c11
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=138516
http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/libs/imlib2/src/modules/loaders/loader_xpm.c#rev1.3
00644f03-fb58-11d8-9837-000c41e2cdad    imlib -- BMP decoder heap buffer overflow

Marcus Meissner discovered that imlib's BMP decoder would crash when loading the test BMP file created by Chris Evans for testing the previous Qt vulnerability. It is believed that this bug could be exploited for arbitrary code execution.


Discovery 2004-08-25
Entry 2004-08-31
Modified 2004-09-02
imlib < 1.9.14_4

CVE-2004-0817
http://bugzilla.gnome.org/show_bug.cgi?id=151034