FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
6842ac7e-d250-11ea-b9b7-08002728f74c  jasper -- multiple vulnerabilities

JasPer NEWS:

- Fix CVE-2018-9154

- Fix CVE-2018-19541

- Fix CVE-2016-9399, CVE-2017-13751

- Fix CVE-2018-19540

- Fix CVE-2018-9055

- Fix CVE-2017-13748

- Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505

- Fix CVE-2018-9252

- Fix CVE-2018-19139

- Fix CVE-2018-19543, CVE-2017-9782

- Fix CVE-2018-20570

- Fix CVE-2018-20622

- Fix CVE-2016-9398

- Fix CVE-2017-14132

- Fix CVE-2017-5499

- Fix CVE-2018-18873

- Fix CVE-2017-13750


Discovery 2020-07-28
Entry 2020-08-25
Modified 2020-09-05
jasper < 2.0.20

https://github.com/jasper-software/jasper/blob/master/NEWS
CVE-2018-9154
CVE-2018-19541
CVE-2016-9399
CVE-2017-13751
CVE-2018-19540
CVE-2018-9055
CVE-2017-13748
CVE-2017-5503
CVE-2017-5504
CVE-2017-5505
CVE-2018-9252
CVE-2018-19139
CVE-2018-19543
CVE-2017-9782
CVE-2018-20570
CVE-2018-20622
CVE-2016-9398
CVE-2017-14132
CVE-2017-5499
CVE-2018-18873
CVE-2017-13750
85349584-3ba4-11eb-919d-08002728f74c  jasper -- heap overflow vulnerability

JasPer NEWS:

Fix CVE-2020-27828, heap-overflow in cp_create() in jpc_enc.c.


Discovery 2020-12-08
Entry 2020-12-13
jasper < 2.0.23

CVE-2020-27828
https://github.com/jasper-software/jasper/blob/master/NEWS
https://github.com/jasper-software/jasper/issues/252
f1692469-45ce-11e5-adde-14dae9d210b8  jasper -- multiple vulnerabilities

Martin Prpic reports:

A double free flaw was found in the way JasPer's jasper_image_stop_load() function parsed certain JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.

Feist Josselin reports:

A new use-after-free was found in Jasper JPEG-2000. The use-after-free appears in the function mif_process_cmpt of the src/libjasper/mif/mif_cod.c file.


Discovery 2015-08-17
Entry 2015-08-18
Modified 2016-02-24
jasper < 1.900.1_16

https://bugzilla.redhat.com/show_bug.cgi?id=1254242#c0
http://seclists.org/oss-sec/2015/q3/366
http://seclists.org/oss-sec/2015/q3/408
CVE-2015-5203
CVE-2015-5221
8ff84335-a7da-11e2-b3f5-003067c2616f  jasper -- buffer overflow

Fedora reports:

JasPer fails to properly decode marker segments and other sections in malformed JPEG2000 files. Malformed inputs can cause heap buffer overflows which in turn may result in execution of attacker-controlled code.


Discovery 2011-12-09
Entry 2013-04-18
jasper < 1.900.1_12

CVE-2008-3520
CVE-2008-3522
CVE-2011-4516
CVE-2011-4517
http://www.kb.cert.org/vuls/id/887409
3a469cbc-7a66-11eb-bd3f-08002728f74c  jasper -- multiple vulnerabilities

JasPer Releases:

- Fix memory-related bugs in the JPEG-2000 codec resulting from attempting to decode invalid code streams. (#264, #265)

This fix is associated with CVE-2021-26926 and CVE-2021-26927.

- Fix wrong return value under some compilers (#260)

- Fix CVE-2021-3272 heap buffer overflow in jp2_decode (#259)


Discovery 2021-02-07
Entry 2021-03-03
jasper < 2.0.25

https://github.com/jasper-software/jasper/releases
CVE-2021-26926
CVE-2021-26927
CVE-2021-3272
006e3b7c-d7d7-11e5-b85f-0018fe623f2b  jasper -- multiple vulnerabilities

oCERT reports:

The library is affected by a double-free vulnerability in function jas_iccattrval_destroy() as well as a heap-based buffer overflow in function jp2_decode(). A specially crafted jp2 file can be used to trigger the vulnerabilities.

oCERT reports:

The library is affected by an off-by-one error in a buffer boundary check in jpc_dec_process_sot(), leading to a heap based buffer overflow, as well as multiple unrestricted stack memory use issues in jpc_qmfb.c, leading to stack overflow. A specially crafted jp2 file can be used to trigger the vulnerabilities.

oCERT reports:

Multiple off-by-one flaws, leading to heap-based buffer overflows, were found in the way JasPer decoded JPEG 2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.

limingxing reports:

A vulnerability was found in the way JasPer's jas_matrix_clip() function parses certain JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.


Discovery 2014-12-10
Entry 2016-02-20
Modified 2016-02-24
jasper < 1.900.1_16

http://www.ocert.org/advisories/ocert-2014-012.html
https://bugzilla.redhat.com/show_bug.cgi?id=1173157
https://bugzilla.redhat.com/show_bug.cgi?id=1173162
http://www.ocert.org/advisories/ocert-2015-001.html
https://bugzilla.redhat.com/show_bug.cgi?id=1179282
http://www.ocert.org/advisories/ocert-2014-009.html
https://bugzilla.redhat.com/show_bug.cgi?id=1167537
http://seclists.org/oss-sec/2016/q1/233
https://bugzilla.redhat.com/show_bug.cgi?id=1302636
CVE-2014-8137
CVE-2014-8138
CVE-2014-8157
CVE-2014-8158
CVE-2014-9029
CVE-2016-2089