FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  530403
Date:      2020-04-02
Time:      19:32:40Z
Committer: rene


These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description

795442e7-c355-11e9-8224-5404a68ad561    vlc -- multiple vulnerabilities

The VLC project reports:

Security:

* Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
* Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
* Fix a read buffer overflow in the FAAD decoder
* Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438)
* Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
* Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778)
* Fix a use after free in the ASF demuxer (CVE-2019-14533)
* Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
* Fix a null dereference in the dvdnav demuxer
* Fix a null dereference in the ASF demuxer (CVE-2019-14534)
* Fix a null dereference in the AVI demuxer
* Fix a division by zero in the CAF demuxer (CVE-2019-14498)
* Fix a division by zero in the ASF demuxer (CVE-2019-14535)


Discovery 2019-07-14
Entry 2019-08-20
vlc
lt 3.0.8,4

https://www.videolan.org/developers/vlc-branch/NEWS
CVE-2019-13602
CVE-2019-13962
CVE-2019-14437
CVE-2019-14438
CVE-2019-14498
CVE-2019-14533
CVE-2019-14534
CVE-2019-14535
CVE-2019-14776
CVE-2019-14777
CVE-2019-14778
CVE-2019-14970

f2144530-936f-11e9-8fc4-5404a68ad561    vlc -- Buffer overflow vulnerability

zhangyang reports:

The ReadFrame function in the avi.c file uses a variable i_width_bytes, which is obtained directly from the file. It is a signed integer. It does not do a strict check before the memory operation (memmove, memcpy), which may cause a buffer overflow.


Discovery 2019-01-23
Entry 2019-06-20
vlc
lt 3.0.7,4

CVE-2019-5439
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5439
https://hackerone.com/reports/484398

5b218581-9372-11e9-8fc4-5404a68ad561    vlc -- Double free in Matroska demuxer

The VLC project reports:

mkv: Fix potential double free


Discovery 2019-05-20
Entry 2019-06-20
vlc
lt 3.0.7.1,4

CVE-2019-12874
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12874
http://git.videolan.org/?p=vlc.git;a=commit;h=81023659c7de5ac2637b4a879195efef50846102

dc57ad48-ecbb-439b-a4d0-5869be47684e    vlc -- Use after free vulnerability

Mitre reports:

VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.


Discovery 2018-06-06
Entry 2018-07-21
vlc
le 2.2.8_6,4

vlc-qt4
le 2.2.8_6,4

CVE-2018-11529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11529
http://seclists.org/fulldisclosure/2018/Jul/28
https://github.com/rapid7/metasploit-framework/pull/10335
https://github.com/videolan/vlc-3.0/commit/c472668ff873cfe29281822b4548715fb7bb0368
https://github.com/videolan/vlc-3.0/commit/d2dadb37e7acc25ae08df71e563855d6e17b5b42