FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  456043
Date:      2017-12-11
Time:      14:53:31Z
Committer: tijl

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
313da7dc-763b-11df-bcce-0018f3e2eb82  tiff -- buffer overflow vulnerability

Kevin Finisterre reports:

Multiple integer overflows in the handling of TIFF files may result in a heap buffer overflow. Opening a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution. The issues are addressed through improved bounds checking. Credit to Kevin Finisterre of digitalmunition.com for reporting these issues.


Discovery 2010-04-15
Entry 2010-06-12
tiff
lt 3.9.3

linux-tiff
lt 3.9.3

CVE-2010-1411
http://www.remotesensing.org/libtiff/v3.9.3.html
http://support.apple.com/kb/HT4196
fb74eacc-ec8a-11e6-bc8a-0011d823eebd  tiff -- multiple vulnerabilities

libtiff project reports:

Multiple flaws have been discovered in libtiff library and utilities.


Discovery 2016-11-19
Entry 2017-02-06
tiff
lt 4.0.7

linux-c6-libtiff
linux-c6-tiff
lt 3.9.4_5

linux-c7-libtiff
linux-c7-tiff
lt 4.0.3_3

http://simplesystems.org/libtiff/v4.0.7.html
CVE-2016-9533
CVE-2016-9534
CVE-2016-9535
CVE-2015-8870
CVE-2016-5652
CVE-2016-9540
CVE-2016-9537
CVE-2016-9536
8816bf3a-7929-11df-bcce-0018f3e2eb82  tiff -- Multiple integer overflows

Tielei Wang:

Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.


Discovery 2009-05-22
Entry 2010-06-16
tiff
lt 3.9.4

linux-tiff
linux-f10-tiff
lt 3.9.4

CVE-2009-2347
http://www.remotesensing.org/libtiff/v3.9.4.html
http://www.ocert.org/advisories/ocert-2009-012.html
0ab66088-4aa5-11e6-a7bd-14dae9d210b8  tiff -- buffer overflow

Mathias Svensson reports:

potential buffer write overrun in PixarLogDecode() on corrupted/unexpected images


Discovery 2016-06-28
Entry 2016-07-15
Modified 2016-09-06
tiff
lt 4.0.6_2

linux-c6-tiff
lt 3.9.4_2

linux-f10-tiff
ge *

https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2
CVE-2016-5314
CVE-2016-5320
CVE-2016-5875
2a96e498-3234-4950-a9ad-419bc84a839d  tiff -- multiple vulnerabilities

NVD reports:

Please reference CVE/URL list for details


Discovery 2017-04-01
Entry 2017-04-20
tiff
linux-f8-tiff
linux-f10-tiff
linux-c6-tiff
linux-c7-tiff
lt 4.0.8

CVE-2017-5225
CVE-2017-7592
CVE-2017-7593
CVE-2017-7594
CVE-2017-7595
CVE-2017-7596
CVE-2017-7597
CVE-2017-7598
CVE-2017-7599
CVE-2017-7600
CVE-2017-7601
CVE-2017-7602
https://github.com/vadz/libtiff/commit/5c080298d59e
https://github.com/vadz/libtiff/commit/48780b4fcc42
https://github.com/vadz/libtiff/commit/d60332057b95
https://github.com/vadz/libtiff/commit/2ea32f7372b6
https://github.com/vadz/libtiff/commit/8283e4d1b7e5
https://github.com/vadz/libtiff/commit/47f2fb61a3a6
https://github.com/vadz/libtiff/commit/3cfd62d77c2a
https://github.com/vadz/libtiff/commit/3144e57770c1
https://github.com/vadz/libtiff/commit/0a76a8c765c7
https://github.com/vadz/libtiff/commit/66e7bd595209
bd349f7a-b3b9-11e5-8255-5453ed2e2b49  tiff -- out-of-bounds read in tif_getimage.c

LMX of Qihoo 360 Codesafe Team discovered an out-of-bounds read in tif_getimage.c. An attacker could create a specially-crafted TIFF file that could cause libtiff to crash.


Discovery 2015-12-24
Entry 2016-01-05
Modified 2016-09-06
tiff
lt 4.0.6_1

linux-c6-tiff
lt 3.9.4_2

linux-f10-tiff
ge *

CVE-2015-8665
http://www.openwall.com/lists/oss-security/2015/12/24/2
b65e4914-b3bc-11e5-8255-5453ed2e2b49  tiff -- out-of-bounds read in CIE Lab image format

zzf of Alibaba discovered an out-of-bounds vulnerability in the code processing the LogLUV and CIE Lab image format files. An attacker could create a specially-crafted TIFF file that could cause libtiff to crash.


Discovery 2015-12-25
Entry 2016-01-05
Modified 2016-09-06
tiff
lt 4.0.6_1

linux-c6-tiff
lt 3.9.4_2

linux-f10-tiff
ge *

CVE-2015-8683
http://www.openwall.com/lists/oss-security/2015/12/25/2