FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  496547
Date:      2019-03-22
Time:      04:08:55Z
Committer: zeising

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
cf133acc-82e7-4755-a66a-5ddf90dacbe6graphite2 -- out-of-bounds write with malicious font

Mozilla Foundation reports:

An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products.


Discovery 2017-04-19
Entry 2017-04-19
Modified 2017-04-20
graphite2
lt 1.3.9_1

linux-c7-graphite2
lt 1.3.10

CVE-2017-5436
https://github.com/silnrsi/graphite/commit/1ce331d5548b
8f10fa04-cf6a-11e5-96d6-14dae9d210b8graphite2 -- code execution vulnerability

Talos reports:

  • An exploitable denial of service vulnerability exists in the font handling of Libgraphite. A specially crafted font can cause an out-of-bounds read potentially resulting in an information leak or denial of service.

  • A specially crafted font can cause a buffer overflow resulting in potential code execution.

  • An exploitable NULL pointer dereference exists in the bidirectional font handling functionality of Libgraphite. A specially crafted font can cause a NULL pointer dereference resulting in a crash.


Discovery 2016-02-05
Entry 2016-02-09
Modified 2016-03-08
graphite2
lt 1.3.5

silgraphite
lt 2.3.1_4

linux-thunderbird
lt 38.6.0

http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
http://www.talosintel.com/reports/TALOS-2016-0061/
https://www.mozilla.org/security/advisories/mfsa2016-14/
CVE-2016-1521
CVE-2016-1522
CVE-2016-1523
CVE-2016-1526
adffe823-e692-4921-ae9c-0b825c218372graphite2 -- multiple vulnerabilities

Mozilla Foundation reports:

Security researcher Holger Fuhrmannek and Mozilla security engineer Tyson Smith reported a number of security vulnerabilities in the Graphite 2 library affecting version 1.3.5. The issue reported by Holger Fuhrmannek is a mechanism to induce stack corruption with a malicious graphite font. This leads to a potentially exploitable crash when the font is loaded. Tyson Smith used the Address Sanitizer tool in concert with a custom software fuzzer to find a series of uninitialized memory, out-of-bounds read, and out-of-bounds write errors when working with fuzzed graphite fonts.

Security researcher James Clawson used the Address Sanitizer tool to discover an out-of-bounds write in the Graphite 2 library when loading a crafted Graphite font file. This results in a potentially exploitable crash.


Discovery 2016-03-08
Entry 2016-03-08
Modified 2016-03-14
graphite2
lt 1.3.6

linux-firefox
lt 45.0,1

linux-thunderbird
lt 38.7.0

linux-seamonkey
lt 2.42

https://www.mozilla.org/security/advisories/mfsa2016-37/
https://www.mozilla.org/security/advisories/mfsa2016-38/
CVE-2016-1969
CVE-2016-1977
CVE-2016-2790
CVE-2016-2791
CVE-2016-2792
CVE-2016-2793
CVE-2016-2794
CVE-2016-2795
CVE-2016-2796
CVE-2016-2797
CVE-2016-2798
CVE-2016-2799
CVE-2016-2800
CVE-2016-2801
CVE-2016-2802