FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-16 19:33:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID Description

VuXML ID	Description
2a6106c6-73e5-11ec-8fa2-0800270512f4	clamav -- invalid pointer read that may cause a crash Laurent Delosieres reports: Fix for invalid pointer read that may cause a crash. This issue affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the `CL_SCAN_GENERAL_COLLECT_METADATA` scan option (the `clamscan --gen-json` option) is enabled. Discovery 2022-01-12 Entry 2022-01-12 clamav < 0.104.2,1 clamav-lts < 0.103.5,1 CVE-2022-20698 https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html
9ae2c00f-97d0-11eb-8cd6-080027f515ea	clamav -- Multiple vulnerabilites Micah Snyder reports: CVE-2021-1252 Excel XLM parser infinite loop CVE-2021-1404 PDF parser buffer over-read; possible crash. CVE-2021-1405 Mail parser NULL-dereference crash. Discovery 2021-04-07 Entry 2021-04-07 clamav < 0.103.2,1 CVE-2021-1252 CVE-2021-1404 CVE-2021-1405 https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
f7a02651-c798-11ea-81d6-6805cabe6ebb	clamav -- multiple vulnerabilities Micah Snyder reports: CVE-2020-3350 Fixed a vulnerability a malicious user could exploit to replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (such as a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan and clamonacc. CVE-2020-3327 Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.3 that could cause a denial-of-service (DoS) condition. Improper bounds checking resulted in an out-of-bounds read that could cause a crash. The previous fix for this CVE in version 0.102.3 was incomplete. This fix correctly resolves the issue. CVE-2020-3481 Fixed a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 that could cause a denial-of-service (DoS) condition. Improper error handling could cause a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in affected versions. Discovery 2020-07-16 Entry 2020-07-16 clamav < 0.102.4,1 https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html CVE-2020-3350 CVE-2020-3327 CVE-2020-3481

2a6106c6-73e5-11ec-8fa2-0800270512f4

clamav -- invalid pointer read that may cause a crash

Laurent Delosieres reports:

Fix for invalid pointer read that may cause a crash. This issue affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json option) is enabled.

Discovery 2022-01-12
Entry 2022-01-12
clamav

< 0.104.2,1

clamav-lts

< 0.103.5,1

CVE-2022-20698
https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html

9ae2c00f-97d0-11eb-8cd6-080027f515ea

clamav -- Multiple vulnerabilites

Micah Snyder reports:

CVE-2021-1252

Excel XLM parser infinite loop

CVE-2021-1404

PDF parser buffer over-read; possible crash.

CVE-2021-1405

Mail parser NULL-dereference crash.

Discovery 2021-04-07
Entry 2021-04-07
clamav

< 0.103.2,1

CVE-2021-1252
CVE-2021-1404
CVE-2021-1405
https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html

f7a02651-c798-11ea-81d6-6805cabe6ebb

clamav -- multiple vulnerabilities

Micah Snyder reports:

CVE-2020-3350

Fixed a vulnerability a malicious user could exploit to replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (such as a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan and clamonacc.

CVE-2020-3327

Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.3 that could cause a denial-of-service (DoS) condition. Improper bounds checking resulted in an out-of-bounds read that could cause a crash. The previous fix for this CVE in version 0.102.3 was incomplete. This fix correctly resolves the issue.

CVE-2020-3481

Fixed a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 that could cause a denial-of-service (DoS) condition. Improper error handling could cause a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in affected versions.

Discovery 2020-07-16
Entry 2020-07-16
clamav

< 0.102.4,1

https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
CVE-2020-3350
CVE-2020-3327
CVE-2020-3481