FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
7764b219-8148-11e8-aa4d-000e0cd7b374	zziplib - multiple vulnerabilities NIST reports (by search in the range 2017/01/01 - 2018/07/06): 17 security fixes in this release: Heap-based buffer overflow in the __zzip_get32 function in fetch.c. Heap-based buffer overflow in the __zzip_get64 function in fetch.c. Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c. The zzip_mem_entry_new function in memdisk.c allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file. The prescan_entry function in fseeko.c allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via crafted ZIP file. The zzip_mem_entry_new function in memdisk.c cause a NULL pointer dereference and crash via a crafted ZIP file. seeko.c cause a denial of service (assertion failure and crash) via a crafted ZIP file. A segmentation fault caused by invalid memory access in the zzip_disk_fread function because the size variable is not validated against the amount of file->stored data. A memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. A bus error caused by loading of a misaligned address in the zzip_disk_findfirst function. An uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. A memory leak triggered in the function zzip_mem_disk_new in memdisk.c. Discovery 2017-03-01 Entry 2018-07-06 zziplib < 0.13.68 CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5977 CVE-2017-5978 CVE-2017-5979 CVE-2017-5980 CVE-2017-5981 CVE-2018-6381 CVE-2018-6484 CVE-2018-6540 CVE-2018-6541 CVE-2018-6542 CVE-2018-6869 CVE-2018-7725 CVE-2018-7726 CVE-2018-7727 https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&query=zziplib&search_type=all&pub_start_date=01%2F01%2F2017&pub_end_date=07%2F06%2F2018"

VuXML ID

Description

7764b219-8148-11e8-aa4d-000e0cd7b374

zziplib - multiple vulnerabilities

NIST reports (by search in the range 2017/01/01 - 2018/07/06):

17 security fixes in this release:

Heap-based buffer overflow in the __zzip_get32 function in fetch.c.

Heap-based buffer overflow in the __zzip_get64 function in fetch.c.

Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c.

The zzip_mem_entry_new function in memdisk.c allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file.

The prescan_entry function in fseeko.c allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via crafted ZIP file.

The zzip_mem_entry_new function in memdisk.c cause a NULL pointer dereference and crash via a crafted ZIP file.

seeko.c cause a denial of service (assertion failure and crash) via a crafted ZIP file.

A segmentation fault caused by invalid memory access in the zzip_disk_fread function because the size variable is not validated against the amount of file->stored data.

A memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c.

A bus error caused by loading of a misaligned address in the zzip_disk_findfirst function.

An uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function.

An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c.

A memory leak triggered in the function zzip_mem_disk_new in memdisk.c.

Discovery 2017-03-01
Entry 2018-07-06
zziplib

< 0.13.68

CVE-2017-5974
CVE-2017-5975
CVE-2017-5976
CVE-2017-5977
CVE-2017-5978
CVE-2017-5979
CVE-2017-5980
CVE-2017-5981
CVE-2018-6381
CVE-2018-6484
CVE-2018-6540
CVE-2018-6541
CVE-2018-6542
CVE-2018-6869
CVE-2018-7725
CVE-2018-7726
CVE-2018-7727
https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&query=zziplib&search_type=all&pub_start_date=01%2F01%2F2017&pub_end_date=07%2F06%2F2018"