FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
3dac84c9-bce1-4199-9784-d68af1eb7b2elibtremor -- multiple vulnerabilities

The RedHat Project reports:

Will Drewry of the Google Security Team reported multiple issues in OGG Vorbis and Tremor libraries, that could cause application using those libraries to crash (NULL pointer dereference or divide by zero), enter an infinite loop or cause heap overflow caused by integer overflow.


Discovery 2008-03-19
Entry 2015-08-25
Modified 2015-08-25
libtremor
< 1.2.0.s20101013

CVE-2008-1418
CVE-2008-1419
CVE-2008-1420
CVE-2008-1423
CVE-2008-2009
http://redpig.dataspill.org/2008/05/multiple-vulnerabilities-in-ogg-tremor.html
https://git.xiph.org/?p=tremor.git;a=commitdiff;h=7e94eea
https://git.xiph.org/?p=tremor.git;a=commitdiff;h=1d1f93e
https://git.xiph.org/?p=tremor.git;a=commitdiff;h=159efc4
7943794f-707f-4e31-9fea-3bbf1ddcedc1mozilla -- multiple vulnerabilities

The Mozilla Foundation reports:

CVE-2018-5146: Out of bounds memory write in libvorbis

An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest.

CVE-2018-5147: Out of bounds memory write in libtremor

The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms.


Discovery 2018-03-16
Entry 2018-03-16
Modified 2018-03-31
libvorbis
< 1.3.6,3

libtremor
< 1.2.1.s20180316

firefox
< 59.0.1,1

waterfox
< 56.0.4.36_3

seamonkey
linux-seamonkey
< 2.49.3

firefox-esr
< 52.7.2,1

linux-firefox
< 52.7.2,2

libxul
< 52.7.3

thunderbird
linux-thunderbird
< 52.7.0

CVE-2018-5146
CVE-2018-5147
https://www.mozilla.org/security/advisories/mfsa2018-08/
https://www.mozilla.org/security/advisories/mfsa2018-09/
40497e81-fee3-4e54-9d5f-175a5c633b73libtremor -- memory corruption

The Mozilla Project reports:

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative the possibility of memory corruption during the decoding of Ogg Vorbis files. This can cause a crash during decoding and has the potential for remote code execution.


Discovery 2012-01-31
Entry 2015-08-25
Modified 2015-08-25
libtremor
< 1.2.0.s20120120

CVE-2012-0444
https://bugzilla.mozilla.org/show_bug.cgi?id=719612
https://git.xiph.org/?p=tremor.git;a=commitdiff;h=3daa274