FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-10-31 10:54:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
381deebb-f5c9-11e9-9c4f-74d435e60b7cfile -- Heap buffer overflow possible

mitre reports

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).


Discovery 2019-08-26
Entry 2019-11-02
file
< 5.37

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16780
https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
9575259a-92d5-11e4-bce6-d050992ecde8file -- multiple vulnerabilities

RedHat reports:

Thomas Jarosch of Intra2net AG reported a number of denial of service issues (resource consumption) in the ELF parser used by file(1). These issues were fixed in the 5.21 release of file(1), but by mistake are missing from the changelog.


Discovery 2014-12-16
Entry 2015-01-02
file
< 5.21

FreeBSD
>= 8.4 lt 8.4_20

>= 9.1 lt 9.1_23

>= 9.2 lt 9.2_16

>= 9.3 lt 9.3_6

>= 10.0 lt 10.0_13

>= 10.1 lt 10.1_1

CVE-2014-3710
CVE-2014-8116
CVE-2014-8117
SA-14:28.file
http://seclists.org/oss-sec/2014/q4/1056