FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  496262
Date:      2019-03-19
Time:      14:51:03Z
Committer: swills


These are the vulnerabilities relating to the commit you have selected:

VuXML ID                              Description
ff65eecb-91e4-11dc-bd6c-0016179b2dd5  flac -- media file processing integer overflow vulnerabilities

iDefense Labs reports:

Remote exploitation of multiple integer overflow vulnerabilities in libFLAC, as included with various vendors' software distributions, allows attackers to execute arbitrary code in the context of the currently logged in user.

These vulnerabilities specifically exist in the handling of malformed FLAC media files. In each case, an integer overflow can occur while calculating the amount of memory to allocate. As such, insufficient memory is allocated for the data that is subsequently read in from the file, and a heap based buffer overflow occurs.


Discovery 2007-10-11
Entry 2007-11-13
flac
lt 1.1.2_2

CVE-2007-4619
http://secunia.com/advisories/27210/
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=608
a33addf6-74e6-11e4-a615-f8b156b6dcc8  flac -- Multiple vulnerabilities

Erik de Castro Lopo reports:

Google Security Team member, Michele Spagnuolo, recently found two potential problems in the FLAC code base. They are:

  • CVE-2014-9028: Heap buffer write overflow.
  • CVE-2014-8962: Heap buffer read overflow.

Discovery 2014-11-25
Entry 2014-11-25
Modified 2015-07-15
flac
lt 1.3.0_3

linux-c6-flac
lt 1.2.1_3

https://git.xiph.org/?p=flac.git;a=commit;h=5b3033a2b355068c11fe637e14ac742d273f076e
CVE-2014-8962
https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85
CVE-2014-9028