FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-23 14:57:51 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
8fedf75c-ef2f-11e6-900e-003048f78448 | optipng -- multiple vulnerabilities
ifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file.
The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.
Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file.
Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.
Discovery 2015-10-09 Entry 2017-02-16 optipng
< 0.7.6
CVE-2015-7802
CVE-2016-2191
CVE-2016-3981
CVE-2016-3982
|
a8818f7f-9182-11e2-9bdf-d48564727302 | optipng -- use-after-free vulnerability
Secunia reports:
A vulnerability has been reported in OptiPNG, which can be
exploited by malicious people to potentially compromise a user's
system.
The vulnerability is caused due to a use-after-free error related
to the palette reduction functionality. No further information is
currently available.
Success exploitation may allow execution of arbitrary code.
Discovery 2012-09-16 Entry 2013-03-21 optipng
ge 0.7 lt 0.7.4
CVE-2012-4432
https://secunia.com/advisories/50654
|