FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-02-13 20:06:50 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
1886e195-8b87-11e5-90e7-b499baebfeaf	libpng buffer overflow in png_set_PLTE libpng reports: CVE for a vulnerability in libpng, all versions, in the png_set_PLTE/png_get_PLTE functions. These functions failed to check for an out-of-range palette when reading or writing PNG files with a bit_depth less than 8. Some applications might read the bit depth from the IHDR chunk and allocate memory for a 2^N entry palette, while libpng can return a palette with up to 256 entries even when the bit depth is less than 8. Discovery 2015-11-15 Entry 2015-11-15 Modified 2015-12-08 png < 1.6.20 http://www.openwall.com/lists/oss-security/2015/11/12/2 http://www.openwall.com/lists/oss-security/2015/12/03/6 CVE-2015-8126 CVE-2015-8472
c564f9bd-8ba7-11e4-801f-0022156e8794	png -- heap overflow for 32-bit builds 32-bit builds of PNG library are vulnerable to an unsigned integer overflow that is triggered by a crafted wide interlaced images. Overflow results in a heap corruption that will crash the application and may lead to the controlled overwrite of a selected portions of process address space. Discovery 2014-12-23 Entry 2015-01-05 png >= 1.2.6 lt 1.5.21 >= 1.6 lt 1.6.16 http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt http://codelabs.ru/security/vulns/analysis/libpng/2014-dec-libpng-1.6.15/

VuXML ID

Description

1886e195-8b87-11e5-90e7-b499baebfeaf

libpng buffer overflow in png_set_PLTE

libpng reports:

CVE for a vulnerability in libpng, all versions, in the png_set_PLTE/png_get_PLTE functions. These functions failed to check for an out-of-range palette when reading or writing PNG files with a bit_depth less than 8. Some applications might read the bit depth from the IHDR chunk and allocate memory for a 2^N entry palette, while libpng can return a palette with up to 256 entries even when the bit depth is less than 8.

Discovery 2015-11-15
Entry 2015-11-15
Modified 2015-12-08
png

< 1.6.20

http://www.openwall.com/lists/oss-security/2015/11/12/2
http://www.openwall.com/lists/oss-security/2015/12/03/6
CVE-2015-8126
CVE-2015-8472

c564f9bd-8ba7-11e4-801f-0022156e8794

png -- heap overflow for 32-bit builds

32-bit builds of PNG library are vulnerable to an unsigned integer overflow that is triggered by a crafted wide interlaced images. Overflow results in a heap corruption that will crash the application and may lead to the controlled overwrite of a selected portions of process address space.

Discovery 2014-12-23
Entry 2015-01-05
png

>= 1.2.6 lt 1.5.21

>= 1.6 lt 1.6.16

http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt
http://codelabs.ru/security/vulns/analysis/libpng/2014-dec-libpng-1.6.15/