FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  456232
Date:      2017-12-13
Time:      20:45:21Z
Committer: madpilot

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
4a088d67-3af2-11e7-9d75-c86000169601freetype2 -- buffer overflows

Werner Lemberg reports:

CVE-2017-8105, CVE-2017-8287: Older FreeType versions have out-of-bounds writes caused by heap-based buffer overflows related to Type 1 fonts.


Discovery 2017-05-17
Entry 2017-05-17
freetype2
lt 2.8

http://lists.nongnu.org/archive/html/freetype-announce/2017-05/msg00000.html
CVE-2017-8105
CVE-2017-8287
462e2d6c-8017-11e1-a571-bcaec565249cfreetype -- multiple vulnerabilities

The Freetype project reports:

Multiple vulnerabilities exist in freetype that can result in application crashes and remote code execution. Please review the details in each of the CVEs for additional information.


Discovery 2012-03-08
Entry 2012-04-06
freetype2
lt 2.4.9

CVE-2012-1126
CVE-2012-1127
CVE-2012-1128
CVE-2012-1129
CVE-2012-1130
CVE-2012-1131
CVE-2012-1132
CVE-2012-1133
CVE-2012-1134
CVE-2012-1135
CVE-2012-1136
CVE-2012-1137
CVE-2012-1138
CVE-2012-1139
CVE-2012-1140
CVE-2012-1141
CVE-2012-1142
CVE-2012-1143
CVE-2012-1144
https://sourceforge.net/projects/freetype/files/freetype2/2.4.9/README/view
https://bugzilla.redhat.com/show_bug.cgi?id=806270
54075e39-04ac-11e1-a94e-bcaec565249cfreetype -- Some type 1 fonts handling vulnerabilities

The FreeType project reports:

A couple of vulnerabilities in handling Type 1 fonts.


Discovery 2011-10-12
Entry 2011-11-01
freetype2
lt 2.4.7

CVE-2011-3256
http://sourceforge.net/projects/freetype/files/freetype2/2.4.7/README/view
https://bugzilla.redhat.com/attachment.cgi?id=528829&action=diff
567beb1e-7e0a-11e4-b9cc-bcaec565249cfreetype -- Out of bounds stack-based read/write

Werner LEMBERG reports:

The fix for CVE-2014-2240 was not 100% complete to fix the issue from the CVE completly.


Discovery 2014-12-07
Entry 2014-12-07
freetype2
lt 2.5.4

http://lists.nongnu.org/archive/html/freetype-announce/2014-12/msg00000.html
CVE-2014-2240
462e2d6c-8017-11e1-a571-bcaec565249cfreetype -- multiple vulnerabilities

The Freetype project reports:

Multiple vulnerabilities exist in freetype that can result in application crashes and remote code execution. Please review the details in each of the CVEs for additional information.


Discovery 2012-03-08
Entry 2012-04-06
freetype2
lt 2.4.9

CVE-2012-1126
CVE-2012-1127
CVE-2012-1128
CVE-2012-1129
CVE-2012-1130
CVE-2012-1131
CVE-2012-1132
CVE-2012-1133
CVE-2012-1134
CVE-2012-1135
CVE-2012-1136
CVE-2012-1137
CVE-2012-1138
CVE-2012-1139
CVE-2012-1140
CVE-2012-1141
CVE-2012-1142
CVE-2012-1143
CVE-2012-1144
https://sourceforge.net/projects/freetype/files/freetype2/2.4.9/README/view
https://bugzilla.redhat.com/show_bug.cgi?id=806270
1a0de610-a761-11e3-95fe-bcaec565249cfreetype2 -- Out of bounds read/write

Mateusz Jurczyk reports:

Out of bounds stack-based read/write in cf2_hintmap_build.

This is a critical vulnerability in the CFF Rasterizer code recently contributed by Adobe, leading to potential arbitrary code execution in the context of the FreeType2 library client.


Discovery 2014-02-25
Entry 2014-03-09
freetype2
lt 2.5.3

http://savannah.nongnu.org/bugs/?41697
54075e39-04ac-11e1-a94e-bcaec565249cfreetype -- Some type 1 fonts handling vulnerabilities

The FreeType project reports:

A couple of vulnerabilities in handling Type 1 fonts.


Discovery 2011-10-12
Entry 2011-11-01
freetype2
lt 2.4.7

CVE-2011-3256
http://sourceforge.net/projects/freetype/files/freetype2/2.4.7/README/view
https://bugzilla.redhat.com/attachment.cgi?id=528829&action=diff