FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
00f30cba-4d23-11ea-86ba-641c67a117d8libexif -- privilege escalation

Mitre reports:

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation.


Discovery 2019-02-06
Entry 2020-02-11
libexif
< 0.6.21_5

CVE-2019-9278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278
https://security-tracker.debian.org/tracker/CVE-2019-9278
https://seclists.org/bugtraq/2020/Feb/9
https://github.com/libexif/libexif/issues/26
cff0b2e2-0716-11eb-9e5d-08002728f74clibexif -- multiple vulnerabilities

Release notes:

Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others:

CVE-2016-6328: fixed integer overflow when parsing maker notes

CVE-2017-7544: fixed buffer overread

CVE-2018-20030: Fix for recursion DoS

CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs

CVE-2020-0093: read overflow

CVE-2020-12767: fixed division by zero

CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes

CVE-2020-13113: Potential use of uninitialized memory

CVE-2020-13114: Time consumption DoS when parsing canon array markers


Discovery 2020-05-18
Entry 2020-10-05
libexif
< 0.6.22

https://github.com/libexif/libexif/blob/master/NEWS
CVE-2016-6328
CVE-2017-7544
CVE-2018-20030
CVE-2019-9278
CVE-2020-0093
CVE-2020-12767
CVE-2020-13112
CVE-2020-13113
CVE-2020-13114