FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  512338
Date:      2019-09-19
Time:      12:43:20Z
Committer: pi

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
cfb12f02-06e1-11e5-8fda-002590263bf5cabextract -- directory traversal with UTF-8 symbols in filenames

Cabextract ChangeLog reports:

It was possible for cabinet files to extract to absolute file locations, and it was possible on Cygwin to get around cabextract's absolute and relative path protections by using backslashes.

Discovery 2015-02-18
Entry 2015-05-31
lt 1.6
cc7548ef-06e1-11e5-8fda-002590263bf5libmspack -- frame_end overflow which could cause infinite loop

There is a denial of service vulnerability in libmspack. The libmspack code is built into cabextract, so it is also vulnerable.

MITRE reports:

Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.

Discovery 2014-12-11
Entry 2015-05-31
lt 0.5

lt 1.5