FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  482434
Date:      2018-10-19
Time:      16:06:30Z
Committer: joneum

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
d706a3a3-4a7c-11e6-97f7-5453ed2e2b49  p7zip -- out-of-bounds read vulnerability

Cisco Talos reports:

An out-of-bounds read vulnerability exists in the way 7-Zip handles Universal Disk Format (UDF) files.

Central to 7-Zip’s processing of UDF files is the CInArchive::ReadFileItem method. Because volumes can have more than one partition map, their objects are kept in an object vector. To start looking for an item, this method tries to reference the proper object using the partition map’s object vector and the "PartitionRef" field from the Long Allocation Descriptor. Lack of checking whether the "PartitionRef" field is bigger than the available amount of partition map objects causes a read out-of-bounds and can lead, in some circumstances, to arbitrary code execution.


Discovery 2016-05-11
Entry 2016-07-15
p7zip lt 15.14_1

CVE-2016-2335
http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html
a9bcaf57-4a7b-11e6-97f7-5453ed2e2b49  p7zip -- heap overflow vulnerability

Cisco Talos reports:

An exploitable heap overflow vulnerability exists in the NArchive::NHfs::CHandler::ExtractZlibFile method functionality of 7zip that can lead to arbitrary code execution.


Discovery 2016-05-11
Entry 2016-07-15
p7zip lt 15.14_1

CVE-2016-2334
http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html
48e83187-b6e9-11e6-b6cf-5453ed2e2b49  p7zip -- Null pointer dereference

MITRE reports:

A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams, as used in the 7z.so library and in 7z applications, will cause a crash and a denial of service when decoding malformed 7z files.


Discovery 2016-07-17
Entry 2016-11-30
p7zip lt 15.14_2

CVE-2016-9296
https://sourceforge.net/p/p7zip/discussion/383043/thread/648d34db/
https://sourceforge.net/p/p7zip/bugs/185/
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9296
8f5c9dd6-5cac-11e5-9ad8-14dae9d210b8  p7zip -- directory traversal vulnerability

Alexander Cherepanov reports:

7z (and 7zr) is susceptible to a directory traversal vulnerability. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write files outside the current directory.


Discovery 2015-01-05
Entry 2015-09-16
p7zip lt 9.38.1_2

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774660
http://www.openwall.com/lists/oss-security/2015/01/11/2
http://sourceforge.net/p/p7zip/bugs/147/
CVE-2015-1038