FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6ade62d9-0f62-11ea-9673-4c72b94353b5clamav -- Denial-of-Service (DoS) vulnerability

Micah Snyder reports:

A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation.


Discovery 2019-09-06
Entry 2019-11-25
clamav
< 0.102.1,1

https://blog.clamav.net/2019/11/clamav-01021-and-01015-patches-have.html
CVE-2019-15961
9ae2c00f-97d0-11eb-8cd6-080027f515eaclamav -- Multiple vulnerabilites

Micah Snyder reports:

CVE-2021-1252
Excel XLM parser infinite loop
CVE-2021-1404
PDF parser buffer over-read; possible crash.
CVE-2021-1405
Mail parser NULL-dereference crash.

Discovery 2021-04-07
Entry 2021-04-07
clamav
< 0.103.2,1

CVE-2021-1252
CVE-2021-1404
CVE-2021-1405
https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
e7bc2b99-485a-11ea-bff9-9c5c8e75236aclamav -- Denial-of-Service (DoS) vulnerability

Micah Snyder reports:

A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash.


Discovery 2020-02-05
Entry 2020-02-05
clamav
< 0.102.2,1

https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html
CVE-2020-3123
f7a02651-c798-11ea-81d6-6805cabe6ebbclamav -- multiple vulnerabilities

Micah Snyder reports:

CVE-2020-3350
Fixed a vulnerability a malicious user could exploit to replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (such as a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan and clamonacc.
CVE-2020-3327
Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.3 that could cause a denial-of-service (DoS) condition. Improper bounds checking resulted in an out-of-bounds read that could cause a crash. The previous fix for this CVE in version 0.102.3 was incomplete. This fix correctly resolves the issue.
CVE-2020-3481
Fixed a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 that could cause a denial-of-service (DoS) condition. Improper error handling could cause a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in affected versions.

Discovery 2020-07-16
Entry 2020-07-16
clamav
< 0.102.4,1

https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
CVE-2020-3350
CVE-2020-3327
CVE-2020-3481
2a6106c6-73e5-11ec-8fa2-0800270512f4clamav -- invalid pointer read that may cause a crash

Laurent Delosieres reports:

Fix for invalid pointer read that may cause a crash. This issue affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json option) is enabled.


Discovery 2022-01-12
Entry 2022-01-12
clamav
< 0.104.2,1

clamav-lts
< 0.103.5,1

CVE-2022-20698
https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html
dbd1f627-c43b-11e9-a923-9c5c8e75236aclamav -- multiple vulnerabilities

Micah Snyder reports:

  • An out of bounds write was possible within ClamAV&s NSIS bzip2 library when attempting decompression in cases where the number of selectors exceeded the max limit set by the library (CVE-2019-12900). The issue has been resolved by respecting that limit.
  • The zip bomb vulnerability mitigated in 0.101.3 has been assigned the CVE identifier CVE-2019-12625. Unfortunately, a workaround for the zip-bomb mitigation was immediately identified. To remediate the zip-bomb scan time issue, a scan time limit has been introduced in 0.101.4. This limit now resolves ClamAV's vulnerability to CVE-2019-12625.

Discovery 2019-08-21
Entry 2019-08-21
clamav
< 0.101.4,1

clamav-milter
< 0.101.4,1

CVE-2019-12625
https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html
CVE-2019-12900
91ce95d5-cd15-4105-b942-af5ccc7144c1clamav -- multiple vulnerabilities

Micah Snyder reports:

CVE-2020-3327: Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.2 that could cause a denial-of-service condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. Special thanks to Daehui Chang and Fady Othman for helping identify the ARJ parsing vulnerability.

CVE-2020-3341: Fixed a vulnerability in the PDF-parsing module in ClamAV 0.101 - 0.102.2 that could cause a denial-of-service condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read, which may cause a crash. OSS-Fuzz discovered this vulnerability.


Discovery 2020-05-12
Entry 2020-05-14
clamav
< 0.102.3,1

https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html
CVE-2020-3327
CVE-2020-3341