FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
8fedf75c-ef2f-11e6-900e-003048f78448	optipng -- multiple vulnerabilities ifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file. The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image. Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file. Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow. Discovery 2015-10-09 Entry 2017-02-16 optipng < 0.7.6 CVE-2015-7802 CVE-2016-2191 CVE-2016-3981 CVE-2016-3982
fe7ac70a-792b-11ee-bf9a-a04a5edf46d9	PptiPNG -- Global-buffer-overflow Frank-Z7 reports: Running optipng with the "-zm 3 -zc 1 -zw 256 -snip -out" configuration options enabled raises a global-buffer-overflow bug, which could allow a remote attacker to conduct a denial-of-service attack or other unspecified effect on a crafted file. Discovery 2023-09-30 Entry 2023-11-02 optipng < 0.7.7_1 CVE-2023-43907 https://nvd.nist.gov/vuln/detail/CVE-2023-43907

VuXML ID

Description

8fedf75c-ef2f-11e6-900e-003048f78448

optipng -- multiple vulnerabilities

ifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file.

The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.

Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file.

Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.

Discovery 2015-10-09
Entry 2017-02-16
optipng

< 0.7.6

CVE-2015-7802
CVE-2016-2191
CVE-2016-3981
CVE-2016-3982

fe7ac70a-792b-11ee-bf9a-a04a5edf46d9

PptiPNG -- Global-buffer-overflow

Frank-Z7 reports:

Running optipng with the "-zm 3 -zc 1 -zw 256 -snip -out" configuration options enabled raises a global-buffer-overflow bug, which could allow a remote attacker to conduct a denial-of-service attack or other unspecified effect on a crafted file.

Discovery 2023-09-30
Entry 2023-11-02
optipng

< 0.7.7_1

CVE-2023-43907
https://nvd.nist.gov/vuln/detail/CVE-2023-43907