FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
f2596f27-db4c-11eb-8bc6-c556d71493c9openexr v3.0.5 -- fixes miscellaneous security issues

Cary Phillips reports:

  • 1038 fix/extend part number validation in MultiPart methods
  • 1037 verify data size in deepscanlines with NO_COMPRESSION
  • 1036 detect buffer overflows in RleUncompress

Discovery 2021-06-03
Entry 2021-07-02
openexr
< 3.0.5

https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.0.5
b6ef8a53-8062-11ec-9af3-fb232efe4d2eOpenEXR -- Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute

Cary Phillips reports:

[OpenEXR Version 3.1.4 is a] patch release that [...] addresses one public security vulnerability: CVE-2021-45942 Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute [and several] specific OSS-fuzz issues [...].


Discovery 2021-11-26
Entry 2022-01-28
openexr
< 3.1.4

CVE-2021-45942
https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.4/CHANGES.md#version-314-january-26-2022
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41999
https://github.com/AcademySoftwareFoundation/openexr/pull/1209