FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-01-21 22:24:55 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
8816bf3a-7929-11df-bcce-0018f3e2eb82	tiff -- Multiple integer overflows Tielei Wang: Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr. Discovery 2009-05-22 Entry 2010-06-16 tiff < 3.9.4 linux-tiff linux-f10-tiff < 3.9.4 CVE-2009-2347 http://www.remotesensing.org/libtiff/v3.9.4.html http://www.ocert.org/advisories/ocert-2009-012.html
313da7dc-763b-11df-bcce-0018f3e2eb82	tiff -- buffer overflow vulnerability Kevin Finisterre reports: Multiple integer overflows in the handling of TIFF files may result in a heap buffer overflow. Opening a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution. The issues are addressed through improved bounds checking. Credit to Kevin Finisterre of digitalmunition.com for reporting these issues. Discovery 2010-04-15 Entry 2010-06-12 tiff < 3.9.3 linux-tiff < 3.9.3 CVE-2010-1411 http://www.remotesensing.org/libtiff/v3.9.3.html http://support.apple.com/kb/HT4196

VuXML ID

Description

8816bf3a-7929-11df-bcce-0018f3e2eb82

tiff -- Multiple integer overflows

Tielei Wang:

Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.

Discovery 2009-05-22
Entry 2010-06-16
tiff

< 3.9.4

linux-tiff
linux-f10-tiff

< 3.9.4

CVE-2009-2347
http://www.remotesensing.org/libtiff/v3.9.4.html
http://www.ocert.org/advisories/ocert-2009-012.html

313da7dc-763b-11df-bcce-0018f3e2eb82

tiff -- buffer overflow vulnerability

Kevin Finisterre reports:

Multiple integer overflows in the handling of TIFF files may result in a heap buffer overflow. Opening a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution. The issues are addressed through improved bounds checking. Credit to Kevin Finisterre of digitalmunition.com for reporting these issues.

Discovery 2010-04-15
Entry 2010-06-12
tiff

< 3.9.3

linux-tiff

< 3.9.3

CVE-2010-1411
http://www.remotesensing.org/libtiff/v3.9.3.html
http://support.apple.com/kb/HT4196