FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-27 12:04:33 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
43024078-9b63-11df-8983-001d60d86f38	libmspack -- infinite loop denial of service There is a denial of service vulnerability in libmspack. The libmspack code is built into cabextract, so it is also vulnerable. Secunia reports: The vulnerability is caused due to an error when copying data from an uncompressed block (block type 0) and can be exploited to trigger an infinite loop by tricking an application using the library into processing specially crafted MS-ZIP archives. Discovery 2010-07-26 Entry 2010-07-30 libmspack <= 0.0.20060920 cabextract < 1.3 http://secunia.com/advisories/40719/
cc7548ef-06e1-11e5-8fda-002590263bf5	libmspack -- frame_end overflow which could cause infinite loop There is a denial of service vulnerability in libmspack. The libmspack code is built into cabextract, so it is also vulnerable. MITRE reports: Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop. Discovery 2014-12-11 Entry 2015-05-31 libmspack < 0.5 cabextract < 1.5 CVE-2014-9556 https://bugs.debian.org/773041 http://www.openwall.com/lists/oss-security/2015/01/07/2

VuXML ID

Description

43024078-9b63-11df-8983-001d60d86f38

libmspack -- infinite loop denial of service

There is a denial of service vulnerability in libmspack. The libmspack code is built into cabextract, so it is also vulnerable.

Secunia reports:

The vulnerability is caused due to an error when copying data from an uncompressed block (block type 0) and can be exploited to trigger an infinite loop by tricking an application using the library into processing specially crafted MS-ZIP archives.

Discovery 2010-07-26
Entry 2010-07-30
libmspack

<= 0.0.20060920

cabextract

< 1.3

http://secunia.com/advisories/40719/

cc7548ef-06e1-11e5-8fda-002590263bf5

libmspack -- frame_end overflow which could cause infinite loop

There is a denial of service vulnerability in libmspack. The libmspack code is built into cabextract, so it is also vulnerable.

MITRE reports:

Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.

Discovery 2014-12-11
Entry 2015-05-31
libmspack

< 0.5

cabextract

< 1.5

CVE-2014-9556
https://bugs.debian.org/773041
http://www.openwall.com/lists/oss-security/2015/01/07/2