FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description

4cd857d9-26d2-4417-b765-69701938f9e0  libraw -- denial of service and remote code execution

libraw developers report:

A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.


Discovery 2017-09-11
Entry 2017-09-26
libraw
< 0.18.3

https://github.com/LibRaw/LibRaw/issues/99
CVE-2017-14265

c60804f1-126f-11e8-8b5b-4ccc6adda413  libraw -- multiple DoS vulnerabilities

Secunia Research reports:

CVE-2017-16909: An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.

CVE-2017-16910: An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) can be exploited to cause an invalid read memory access.


Discovery 2017-12-04
Entry 2018-02-15
libraw
< 0.18.6

https://www.securityfocus.com/archive/1/541583
CVE-2017-16909
CVE-2017-16910

6bc6eed2-9cca-11e5-8c2b-c335fa8985d7  libraw -- memory objects not properly initialized

ChenQin reports:

The LibRaw raw image decoder has multiple vulnerabilities that can cause memory errors which may lead to code execution or other problems.

In CVE-2015-8367, LibRaw's phase_one_correct function does not handle memory initialization correctly, which may cause other problems.


Discovery 2015-11-30
Entry 2015-12-07
libraw
< 0.17.1

CVE-2015-8367
http://www.libraw.org/news/libraw-0-17-1
https://github.com/LibRaw/LibRaw/commit/490ef94d1796f730180039e80997efe5c58db780
http://seclists.org/fulldisclosure/2015/Nov/108

d9f96741-47bd-4426-9aba-8736c0971b24  libraw -- buffer overflow

libraw developers report:

LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.


Discovery 2017-09-12
Entry 2017-09-26
libraw
< 0.18.4

http://www.securityfocus.com/bid/100866
https://github.com/LibRaw/LibRaw/issues/100
CVE-2017-14348

db04bf07-9cc8-11e5-8c2b-c335fa8985d7  libraw -- index overflow in smal_decode_segment

ChenQin reports:

The LibRaw raw image decoder has multiple vulnerabilities that can cause memory errors which may lead to code execution or other problems.

In CVE-2015-8366, LibRaw's smal_decode_segment function does not handle indexes carefully, which can cause an index overflow.


Discovery 2015-11-30
Entry 2015-12-07
libraw
< 0.17.1

http://www.libraw.org/news/libraw-0-17-1
https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2
http://seclists.org/fulldisclosure/2015/Nov/108
CVE-2015-8366

57325ecf-facc-11e4-968f-b888e347c638  dcraw -- integer overflow condition

ocert reports:

The dcraw tool, as well as several other projects re-using its code, suffers from an integer overflow condition which leads to a buffer overflow.

The vulnerability concerns the 'len' variable, parsed without validation from opened images, used in the ljpeg_start() function.

A maliciously crafted raw image file can be used to trigger the vulnerability, causing a Denial of Service condition.


Discovery 2015-04-24
Entry 2015-05-15
Modified 2016-01-08
cinepaint
ge 0.22.0

darktable
< 1.6.7

dcraw
ge 7.00 lt 9.26

dcraw-m
ge 0

exact-image
< 0.9.1

flphoto
ge 0

freeimage
ge 3.13.0 lt 3.16.0_1

kodi
< 14.2_1

libraw
< 0.16.1

lightzone
< 4.1.2

netpbm
< 10.35.96

opengtl
ge 0

rawstudio
< 2.0_11

ufraw
< 0.21

CVE-2015-3885
http://www.ocert.org/advisories/ocert-2015-006.html
https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e
https://github.com/LibRaw/LibRaw/commit/4606c28f494a750892c5c1ac7903e62dd1c6fdb5
https://sourceforge.net/p/netpbm/code/2512/

02bee9ae-c5d1-409b-8a79-983a88861509  libraw -- Out-of-bounds Read

libraw developers report:

In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.


Discovery 2017-09-20
Entry 2017-09-28
libraw
le 0.18.4

https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21
https://github.com/LibRaw/LibRaw/issues/101
CVE-2017-14608

6f0b0cbf-1274-11e8-8b5b-4ccc6adda413  libraw -- multiple DoS vulnerabilities

Secunia Research reports:

CVE-2018-5800: An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.

CVE-2017-5801: An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) can be exploited to trigger a NULL pointer dereference.

CVE-2017-5802: An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.


Discovery 2018-01-16
Entry 2018-02-15
libraw
< 0.18.7

https://www.securityfocus.com/archive/1/541732
CVE-2018-5800
CVE-2018-5801
CVE-2018-5802