FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  518000
Date:      2019-11-20
Time:      10:57:40Z
Committer: zeising

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
34e60332-2448-4ed6-93f0-12713749f250libvpx -- multiple buffer overflows

The Mozilla Project reports:

Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover two buffer overflow issues in the Libvpx library used for WebM video when decoding a malformed WebM video file. These buffer overflows result in potentially exploitable crashes.


Discovery 2015-08-11
Entry 2015-08-11
Modified 2015-08-14
libvpx
lt 1.4.0.488

firefox
lt 40.0,1

linux-firefox
lt 40.0,1

CVE-2015-4485
CVE-2015-4486
https://www.mozilla.org/security/advisories/mfsa2015-89/
6ca7eddd-d436-486a-b169-b948436bcf14libvpx -- buffer overflow in vp9_init_context_buffers

The Mozilla Project reports:

Security researcher Khalil Zhani reported that a maliciously crafted vp9 format video could be used to trigger a buffer overflow while parsing the file. This leads to a potentially exploitable crash due to a flaw in the libvpx library.


Discovery 2015-09-22
Entry 2015-11-10
libvpx
lt 1.4.0.488_1

CVE-2015-4506
https://www.mozilla.org/security/advisories/mfsa2015-101/