FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  456043
Date:      2017-12-11
Time:      14:53:31Z
Committer: tijl

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
bd349f7a-b3b9-11e5-8255-5453ed2e2b49  tiff -- out-of-bounds read in tif_getimage.c

LMX of Qihoo 360 Codesafe Team discovered an out-of-bounds read in tif_getimage.c. An attacker could create a specially-crafted TIFF file that could cause libtiff to crash.


Discovery 2015-12-24
Entry 2016-01-05
Modified 2016-09-06
tiff
lt 4.0.6_1

linux-c6-tiff
lt 3.9.4_2

linux-f10-tiff
ge *

CVE-2015-8665
http://www.openwall.com/lists/oss-security/2015/12/24/2

fb74eacc-ec8a-11e6-bc8a-0011d823eebd  tiff -- multiple vulnerabilities

libtiff project reports:

Multiple flaws have been discovered in libtiff library and utilities.


Discovery 2016-11-19
Entry 2017-02-06
tiff
lt 4.0.7

linux-c6-libtiff
linux-c6-tiff
lt 3.9.4_5

linux-c7-libtiff
linux-c7-tiff
lt 4.0.3_3

http://simplesystems.org/libtiff/v4.0.7.html
CVE-2016-9533
CVE-2016-9534
CVE-2016-9535
CVE-2015-8870
CVE-2016-5652
CVE-2016-9540
CVE-2016-9537
CVE-2016-9536

2a96e498-3234-4950-a9ad-419bc84a839d  tiff -- multiple vulnerabilities

NVD reports:

Please reference CVE/URL list for details


Discovery 2017-04-01
Entry 2017-04-20
tiff
linux-f8-tiff
linux-f10-tiff
linux-c6-tiff
linux-c7-tiff
lt 4.0.8

CVE-2017-5225
CVE-2017-7592
CVE-2017-7593
CVE-2017-7594
CVE-2017-7595
CVE-2017-7596
CVE-2017-7597
CVE-2017-7598
CVE-2017-7599
CVE-2017-7600
CVE-2017-7601
CVE-2017-7602
https://github.com/vadz/libtiff/commit/5c080298d59e
https://github.com/vadz/libtiff/commit/48780b4fcc42
https://github.com/vadz/libtiff/commit/d60332057b95
https://github.com/vadz/libtiff/commit/2ea32f7372b6
https://github.com/vadz/libtiff/commit/8283e4d1b7e5
https://github.com/vadz/libtiff/commit/47f2fb61a3a6
https://github.com/vadz/libtiff/commit/3cfd62d77c2a
https://github.com/vadz/libtiff/commit/3144e57770c1
https://github.com/vadz/libtiff/commit/0a76a8c765c7
https://github.com/vadz/libtiff/commit/66e7bd595209

b65e4914-b3bc-11e5-8255-5453ed2e2b49  tiff -- out-of-bounds read in CIE Lab image format

zzf of Alibaba discovered an out-of-bounds vulnerability in the code processing the LogLUV and CIE Lab image format files. An attacker could create a specially-crafted TIFF file that could cause libtiff to crash.


Discovery 2015-12-25
Entry 2016-01-05
Modified 2016-09-06
tiff
lt 4.0.6_1

linux-c6-tiff
lt 3.9.4_2

linux-f10-tiff
ge *

CVE-2015-8683
http://www.openwall.com/lists/oss-security/2015/12/25/2

0ab66088-4aa5-11e6-a7bd-14dae9d210b8  tiff -- buffer overflow

Mathias Svensson reports:

potential buffer write overrun in PixarLogDecode() on corrupted/unexpected images


Discovery 2016-06-28
Entry 2016-07-15
Modified 2016-09-06
tiff
lt 4.0.6_2

linux-c6-tiff
lt 3.9.4_2

linux-f10-tiff
ge *

https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2
CVE-2016-5314
CVE-2016-5320
CVE-2016-5875