FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
92cda470-30cb-11e5-a4a5-002590263bf5sox -- input sanitization errors

oCERT reports:

The sox command line tool is affected by two heap-based buffer overflows, respectively located in functions start_read() and AdpcmReadBlock().

A specially crafted wav file can be used to trigger the vulnerabilities.

Discovery 2014-11-20
Entry 2015-07-23
lt 14.4.2

9dd761ff-30cb-11e5-a4a5-002590263bf5sox -- memory corruption vulnerabilities

Michele Spagnuolo, Google Security Team, reports:

The write heap buffer overflows are related to ADPCM handling in WAV files, while the read heap buffer overflow is while opening a .VOC.

Discovery 2015-07-22
Entry 2015-07-23
le 14.4.2