FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-29 13:24:46 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
2bcd6ba4-d8e2-42e5-9033-b50b722821fbelectron{22,24,25} -- Heap buffer overflow in vp8 encoding in libvpx

Electron developers report:

This update fixes the following vulnerability:

  • Security: backported fix for CVE-2023-5217.

Discovery 2023-09-28
Entry 2023-09-29
Modified 2023-09-30
electron22
< 22.3.25

electron24
< 24.8.5

electron25
< 25.8.4

libvpx
< 1.13.1

CVE-2023-5217
https://github.com/advisories/GHSA-qqvq-6xgj-jw8g
6ca7eddd-d436-486a-b169-b948436bcf14libvpx -- buffer overflow in vp9_init_context_buffers

The Mozilla Project reports:

Security researcher Khalil Zhani reported that a maliciously crafted vp9 format video could be used to trigger a buffer overflow while parsing the file. This leads to a potentially exploitable crash due to a flaw in the libvpx library.


Discovery 2015-09-22
Entry 2015-11-10
libvpx
< 1.4.0.488_1

CVE-2015-4506
https://www.mozilla.org/security/advisories/mfsa2015-101/