FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
| VuXML ID | Description |
|---|
| a460035e-d111-11e1-aff7-001fd056c417 | libjpeg-turbo -- heap-based buffer overflow
The Changelog for version 1.2.1 says: Fixed a regression caused by
1.2.0[6] in which decompressing corrupt JPEG images (specifically,
images in which the component count was erroneously set to a large
value) would cause libjpeg-turbo to segfault.
A Heap-based buffer overflow was found in the way libjpeg-turbo
decompressed certain corrupt JPEG images in which the component count
was erroneously set to a large value. An attacker could create a
specially-crafted JPEG image that, when opened, could cause an
application using libpng to crash or, possibly, execute arbitrary code
with the privileges of the user running the application.
Discovery 2012-05-31
Entry 2012-07-18
Modified 2012-07-19
libjpeg-turbo
< 1.2.1
CVE-2012-2806
http://sourceforge.net/projects/libjpeg-turbo/files/1.2.1/README.txt
https://bugzilla.redhat.com/show_bug.cgi?id=826849
|