FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-23 14:57:51 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
8fedf75c-ef2f-11e6-900e-003048f78448	optipng -- multiple vulnerabilities ifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file. The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image. Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file. Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow. Discovery 2015-10-09 Entry 2017-02-16 optipng < 0.7.6 CVE-2015-7802 CVE-2016-2191 CVE-2016-3981 CVE-2016-3982
a8818f7f-9182-11e2-9bdf-d48564727302	optipng -- use-after-free vulnerability Secunia reports: A vulnerability has been reported in OptiPNG, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a use-after-free error related to the palette reduction functionality. No further information is currently available. Success exploitation may allow execution of arbitrary code. Discovery 2012-09-16 Entry 2013-03-21 optipng ge 0.7 lt 0.7.4 CVE-2012-4432 https://secunia.com/advisories/50654

VuXML ID

Description

8fedf75c-ef2f-11e6-900e-003048f78448

optipng -- multiple vulnerabilities

ifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file.

The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.

Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file.

Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.

Discovery 2015-10-09
Entry 2017-02-16
optipng

< 0.7.6

CVE-2015-7802
CVE-2016-2191
CVE-2016-3981
CVE-2016-3982

a8818f7f-9182-11e2-9bdf-d48564727302

optipng -- use-after-free vulnerability

Secunia reports:

A vulnerability has been reported in OptiPNG, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to a use-after-free error related to the palette reduction functionality. No further information is currently available.

Success exploitation may allow execution of arbitrary code.

Discovery 2012-09-16
Entry 2013-03-21
optipng

ge 0.7 lt 0.7.4

CVE-2012-4432
https://secunia.com/advisories/50654