FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-28 14:09:37 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
f161a5ad-c9bd-11ee-b7a7-353f1e043d9a	openexr -- Heap Overflow in Scanline Deep Data Parsing Austin Hackers Anonymous report: Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. [...] it is in a routine that is predominantly used for development and testing. It is not likely to appear in production code. Discovery 2023-10-26 Entry 2024-02-12 openexr < 3.1.12 ge 3.2.0 lt 3.2.2 CVE-2023-5841 https://takeonme.org/cves/CVE-2023-5841.html https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.2
b6ef8a53-8062-11ec-9af3-fb232efe4d2e	OpenEXR -- Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute Cary Phillips reports: [OpenEXR Version 3.1.4 is a] patch release that [...] addresses one public security vulnerability: CVE-2021-45942 Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute [and several] specific OSS-fuzz issues [...]. Discovery 2021-11-26 Entry 2022-01-28 openexr < 3.1.4 CVE-2021-45942 https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.4/CHANGES.md#version-314-january-26-2022 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41999 https://github.com/AcademySoftwareFoundation/openexr/pull/1209
06428d91-152e-11ee-8b14-dbdd62da85fb	OpenEXR -- heap buffer overflow in internal_huf_decompress oss-fuzz reports: heap buffer overflow in internal_huf_decompress. Cary Phillips reports: v3.1.9 - Patch release that addresses [...] also OSS-fuzz 59382 Heap-buffer-overflow in internal_huf_decompress Kimball Thurston reports: Fix scenario where malformed dwa file could read past end of buffer - fixes OSS-Fuzz 59382 Discovery 2023-05-28 Entry 2023-06-27 openexr < 3.1.9 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59382 https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.1.9 https://github.com/AcademySoftwareFoundation/openexr/commit/e431f7e189d0785bb84a5bfb83391e9e58590c49 https://github.com/AcademySoftwareFoundation/openexr/pull/1439

VuXML ID

Description

f161a5ad-c9bd-11ee-b7a7-353f1e043d9a

openexr -- Heap Overflow in Scanline Deep Data Parsing

Austin Hackers Anonymous report:

Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability.

[...] it is in a routine that is predominantly used for development and testing. It is not likely to appear in production code.

Discovery 2023-10-26
Entry 2024-02-12
openexr

< 3.1.12

ge 3.2.0 lt 3.2.2

CVE-2023-5841
https://takeonme.org/cves/CVE-2023-5841.html
https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.2.2

b6ef8a53-8062-11ec-9af3-fb232efe4d2e

OpenEXR -- Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute

Cary Phillips reports:

[OpenEXR Version 3.1.4 is a] patch release that [...] addresses one public security vulnerability: CVE-2021-45942 Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute [and several] specific OSS-fuzz issues [...].

Discovery 2021-11-26
Entry 2022-01-28
openexr

< 3.1.4

CVE-2021-45942
https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.4/CHANGES.md#version-314-january-26-2022
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41999
https://github.com/AcademySoftwareFoundation/openexr/pull/1209

06428d91-152e-11ee-8b14-dbdd62da85fb

OpenEXR -- heap buffer overflow in internal_huf_decompress

oss-fuzz reports:

heap buffer overflow in internal_huf_decompress.

Cary Phillips reports:

v3.1.9 - Patch release that addresses [...] also OSS-fuzz 59382 Heap-buffer-overflow in internal_huf_decompress

Kimball Thurston reports:

Fix scenario where malformed dwa file could read past end of buffer - fixes OSS-Fuzz 59382

Discovery 2023-05-28
Entry 2023-06-27
openexr

< 3.1.9

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59382
https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.1.9
https://github.com/AcademySoftwareFoundation/openexr/commit/e431f7e189d0785bb84a5bfb83391e9e58590c49
https://github.com/AcademySoftwareFoundation/openexr/pull/1439