FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-22 18:21:47 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
d49f86ab-d9c7-11eb-a200-00155d01f201	Exiv2 -- Multiple vulnerabilities Exiv2 teams reports: Multiple vulnerabilities covering buffer overflows, out-of-bounds, read of uninitialized memory and denial of serivce. The heap overflow is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. The read of uninitialized memory is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to leak a few bytes of stack memory, if they can trick the victim into running Exiv2 on a crafted image file. Discovery 2021-04-25 Entry 2021-06-30 exiv2 < 0.27.4,1 CVE-2021-29457 https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm CVE-2021-29458 https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5 CVE-2021-29463 https://github.com/Exiv2/exiv2/security/advisories/GHSA-5p8g-9xf3-gfrr CVE-2021-29464 https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p CVE-2021-29470 https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj CVE-2021-29473 https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2 CVE-2021-29623 https://github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v CVE-2021-32617 https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj CVE-2021-3482 https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jp9-m3fv-2vg9

VuXML ID

Description

d49f86ab-d9c7-11eb-a200-00155d01f201

Exiv2 -- Multiple vulnerabilities

Exiv2 teams reports:

Multiple vulnerabilities covering buffer overflows, out-of-bounds, read of uninitialized memory and denial of serivce. The heap overflow is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. The read of uninitialized memory is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to leak a few bytes of stack memory, if they can trick the victim into running Exiv2 on a crafted image file.

Discovery 2021-04-25
Entry 2021-06-30
exiv2

< 0.27.4,1

CVE-2021-29457
https://github.com/Exiv2/exiv2/security/advisories/GHSA-v74w-h496-cgqm
CVE-2021-29458
https://github.com/Exiv2/exiv2/security/advisories/GHSA-57jj-75fm-9rq5
CVE-2021-29463
https://github.com/Exiv2/exiv2/security/advisories/GHSA-5p8g-9xf3-gfrr
CVE-2021-29464
https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p
CVE-2021-29470
https://github.com/Exiv2/exiv2/security/advisories/GHSA-8949-hhfh-j7rj
CVE-2021-29473
https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2
CVE-2021-29623
https://github.com/Exiv2/exiv2/security/advisories/GHSA-6253-qjwm-3q4v
CVE-2021-32617
https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj
CVE-2021-3482
https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jp9-m3fv-2vg9