FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2026-03-03 16:31:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
7642ba72-5abf-11f0-87ba-002590c1f29c	FreeBSD -- Use-after-free in multi-threaded xz decoder Problem Description: A worker thread could free its input buffer after decoding, while the main thread might still be writing to it. This leads to an use-after-free condition on heap memory. Impact: An attacker may use specifically crafted .xz file to cause multi-threaded xz decoder to crash, or potentially run arbitrary code under the credential the decoder was executed. Discovery 2025-07-02 Entry 2025-07-06 FreeBSD >= 14.2 lt 14.2_4 >= 13.5 lt 13.5_2 CVE-2025-31115 SA-25:06.xz

VuXML ID

Description

7642ba72-5abf-11f0-87ba-002590c1f29c

FreeBSD -- Use-after-free in multi-threaded xz decoder

Problem Description:

A worker thread could free its input buffer after decoding, while the main thread might still be writing to it. This leads to an use-after-free condition on heap memory.

Impact:

An attacker may use specifically crafted .xz file to cause multi-threaded xz decoder to crash, or potentially run arbitrary code under the credential the decoder was executed.

Discovery 2025-07-02
Entry 2025-07-06
FreeBSD

>= 14.2 lt 14.2_4

>= 13.5 lt 13.5_2

CVE-2025-31115
SA-25:06.xz