FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  454426
Date:      2017-11-18
Time:      11:38:23Z
Committer: brnrd

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
b0da85af-21a3-4c15-a137-fe9e4bc86002ffmpeg -- multiple vulnerabilities

NVD reports:

The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during multi-threaded operation, which allows remote attackers to cause a denial of service (race condition and memory corruption) or possibly have unspecified other impact via a crafted WebM file.

The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.

The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted High Efficiency Video Coding (HEVC) data.

The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data.

The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.

The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 image, which allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via a crafted image with two or more of these markers.

Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data.

The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Smacker data.


Discovery 2015-11-27
Entry 2015-12-02
Modified 2015-12-28
libav
ge 0

gstreamer-ffmpeg
ge 0

handbrake
ge 0

ffmpeg
ge 2.8,1 lt 2.8.3,1

lt 2.7.3,1

ffmpeg26
lt 2.6.5

ffmpeg25
lt 2.5.9

ffmpeg24
lt 2.4.12

ffmpeg-devel
ffmpeg23
ffmpeg2
ffmpeg1
ffmpeg-011
ffmpeg0
ge 0

avidemux
avidemux2
avidemux26
ge 0

kodi
lt 16.0

mplayer
mencoder
lt 1.1.r20150822_7

mythtv
mythtv-frontend
ge 0

plexhometheater
ge 0

CVE-2015-6761
CVE-2015-8216
CVE-2015-8217
CVE-2015-8218
CVE-2015-8219
CVE-2015-8363
CVE-2015-8364
CVE-2015-8365
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=dabea74d0e82ea80cd344f630497cafcb3ef872c
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d24888ef19ba38b787b11d1ee091a3d94920c76a
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=93f30f825c08477fe8f76be00539e96014cc83c8
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d4a731b84a08f0f3839eaaaf82e97d8d9c67da46
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=43492ff3ab68a343c1264801baa1d5a02de10167
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=44a7f17d0b20e6f8d836b2957e3e357b639f19a2
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=df91aa034b82b77a3c4e01791f4a2b2ff6c82066
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4a9af07a49295e014b059c1ab624c40345af5892
https://ffmpeg.org/security.html
4bae544d-06a3-4352-938c-b3bcbca89298ffmpeg -- multiple vulnerabilities

NVD reports:

The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.

The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file.


Discovery 2015-12-20
Entry 2015-12-28
libav
ge 0

gstreamer-ffmpeg
ge 0

handbrake
ge 0

ffmpeg
ge 2.8,1 lt 2.8.4,1

lt 2.7.4,1

ffmpeg26
lt 2.6.6

ffmpeg25
lt 2.5.9

ffmpeg24
lt 2.4.12

ffmpeg-devel
ffmpeg23
ffmpeg2
ffmpeg1
ffmpeg-011
ffmpeg0
ge 0

avidemux
avidemux2
avidemux26
ge 0

kodi
lt 16.0

mplayer
mencoder
lt 1.2.r20151219_1

mythtv
mythtv-frontend
ge 0

plexhometheater
ge 0

CVE-2015-8662
CVE-2015-8663
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=75422280fbcdfbe9dc56bde5525b4d8b280f1bc5
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=abee0a1c60612e8638640a8a3738fffb65e16dbf
https://ffmpeg.org/security.html
80c66af0-d1c5-449e-bd31-63b12525ff88ffmpeg -- out-of-bounds array access

NVD reports:

The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg before 2.0.7, 2.2.x before 2.2.15, 2.4.x before 2.4.8, 2.5.x before 2.5.6, and 2.6.x before 2.6.2 allows remote attackers to have unspecified impact via a crafted image, related to a pixel pointer, which triggers an out-of-bounds array access.


Discovery 2015-04-12
Entry 2015-09-01
Modified 2015-09-20
libav
ge 11.0 lt 11.4

lt 10.7

gstreamer1-libav
lt 1.5.1

handbrake
ge 0

ffmpeg
ge 2.2.0,1 lt 2.2.15,1

lt 2.0.7,1

ffmpeg26
lt 2.6.2

ffmpeg25
lt 2.5.6

ffmpeg24
lt 2.4.8

ffmpeg23
ge 0

ffmpeg1
ge 0

avidemux
avidemux26
lt 2.6.11

kodi
lt 15.1

mplayer
mencoder
lt 1.1.r20150403

mythtv
mythtv-frontend
ge 0

CVE-2015-3395
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7e1367f58263593e6cee3c282f7277d7ee9d553
https://git.libav.org/?p=libav.git;a=commit;h=5ecabd3c54b7c802522dc338838c9a4c2dc42948
https://ffmpeg.org/security.html
https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.4
3d950687-b4c9-4a86-8478-c56743547af8ffmpeg -- multiple vulnerabilities

NVD reports:

The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted image with two or more of these chunks.

Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.

The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted AAC data.

The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted MPEG data.

The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via crafted LucasArts Smush video data.

The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data.

The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data.

The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via a crafted file, as demonstrated by an AVI file.

The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via crafted (1) RV30 or (2) RV40 RealVideo data.


Discovery 2015-09-05
Entry 2015-09-20
Modified 2015-09-20
libav
ge 0

gstreamer1-libav
lt 1.5.90

gstreamer-ffmpeg
ge 0

handbrake
ge 0

ffmpeg
lt 2.7.2,1

ffmpeg26
lt 2.6.4

ffmpeg25
lt 2.5.8

ffmpeg24
lt 2.4.11

ffmpeg-devel
ffmpeg23
ffmpeg2
ffmpeg1
ffmpeg-011
ffmpeg0
ge 0

avidemux
avidemux2
avidemux26
lt 2.6.11

kodi
lt 15.1

mplayer
mencoder
lt 1.1.r20150822

mythtv
mythtv-frontend
ge 0

plexhometheater
ge 0

CVE-2015-6818
CVE-2015-6819
CVE-2015-6820
CVE-2015-6821
CVE-2015-6822
CVE-2015-6823
CVE-2015-6824
CVE-2015-6825
CVE-2015-6826
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=47f4e2d8960ca756ca153ab8e3e93d80449b8c91
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=84afc6b70d24fc0bf686e43138c96cf60a9445fe
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=79a98294da6cd85f8c86b34764c5e0c43b09eea3
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b160fc290cf49b516c5b6ee0730fd9da7fc623b1
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=39bbdebb1ed8eb9c9b0cd6db85afde6ba89d86e4
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7068bf277a37479aecde2832208d820682b35e6
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a5d44d5c220e12ca0cb7a4eceb0f74759cb13111
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f1a38264f20382731cf2cc75fdd98f4c9a84a626
https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3197c0aa87a3b7190e17d49e6fbc7b554e4b3f0a
https://ffmpeg.org/security.html