FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-20 14:15:46 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
51a59f36-3c58-11ee-b32e-080027f5fec9    clamav -- Possible denial of service vulnerability in the HFS+ file parser

Steve Smith reports:

There is a possible denial of service vulnerability in the HFS+ file parser.


Discovery 2023-08-15
Entry 2023-08-16
clamav < 1.1.1,1
clamav-lts < 1.0.2,1

CVE-2023-20197
https://blog.clamav.net/2023/07/2023-08-16-releases.html
68ae70c5-c5e5-11ee-9768-08002784c58d    clamav -- Multiple vulnerabilities

The ClamAV project reports:

CVE-2024-20290
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources.
CVE-2024-20328
Fixed a possible command injection vulnerability in the "VirusEvent" feature of ClamAV's ClamD service. To fix this issue, we disabled the '%f' format string parameter. ClamD administrators may continue to use the `CLAM_VIRUSEVENT_FILENAME` environment variable, instead of '%f'. But you should do so only from within an executable, such as a Python script, and not directly in the clamd.conf "VirusEvent" command.

Discovery 2024-02-07
Entry 2024-02-07
clamav < 1.2.2,1
clamav-lts < 1.0.5,1

CVE-2024-20290
CVE-2024-20328
https://blog.clamav.net/2023/11/clamav-130-122-105-released.html