FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a33addf6-74e6-11e4-a615-f8b156b6dcc8flac -- Multiple vulnerabilities

Erik de Castro Lopo reports:

Google Security Team member, Michele Spagnuolo, recently found two potential problems in the FLAC code base. They are:

  • CVE-2014-9028: Heap buffer write overflow.
  • CVE-2014-8962: Heap buffer read overflow.

Discovery 2014-11-25
Entry 2014-11-25
Modified 2015-07-15
flac
< 1.3.0_3

linux-c6-flac
< 1.2.1_3

https://git.xiph.org/?p=flac.git;a=commit;h=5b3033a2b355068c11fe637e14ac742d273f076e
CVE-2014-8962
https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85
CVE-2014-9028
49346de2-b015-11eb-9bdf-f8b156b6dcc8FLAC -- out-of-bounds read

Oss-Fuzz reports:

There is a possible out of bounds read due to a heap buffer overflow in FLAC__bitreader_read_rice_signed_block of bitreader.c.


Discovery 2019-09-08
Entry 2021-05-08
flac
< 1.3.3_1

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17069
CVE-2020-0499