FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 05:42:14 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
a460035e-d111-11e1-aff7-001fd056c417	libjpeg-turbo -- heap-based buffer overflow The Changelog for version 1.2.1 says: Fixed a regression caused by 1.2.0[6] in which decompressing corrupt JPEG images (specifically, images in which the component count was erroneously set to a large value) would cause libjpeg-turbo to segfault. A Heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create a specially-crafted JPEG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Discovery 2012-05-31 Entry 2012-07-18 Modified 2012-07-19 libjpeg-turbo < 1.2.1 CVE-2012-2806 http://sourceforge.net/projects/libjpeg-turbo/files/1.2.1/README.txt https://bugzilla.redhat.com/show_bug.cgi?id=826849
23a667c7-0b28-11eb-8834-00155d01f202	libjpeg-turbo -- Issue in the PPM reader causing a buffer overrun in cjpeg, TJBench, or the tjLoadImage() function. libjpeg-turbo releases reports: This release fixes the following security issue: Heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. Discovery 2020-06-03 Entry 2020-10-10 libjpeg-turbo < 2.0.4 CVE-2020-13790 https://nvd.nist.gov/vuln/detail/CVE-2020-13790

VuXML ID

Description

a460035e-d111-11e1-aff7-001fd056c417

libjpeg-turbo -- heap-based buffer overflow

The Changelog for version 1.2.1 says: Fixed a regression caused by 1.2.0[6] in which decompressing corrupt JPEG images (specifically, images in which the component count was erroneously set to a large value) would cause libjpeg-turbo to segfault.

A Heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create a specially-crafted JPEG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application.

Discovery 2012-05-31
Entry 2012-07-18
Modified 2012-07-19
libjpeg-turbo

< 1.2.1

CVE-2012-2806
http://sourceforge.net/projects/libjpeg-turbo/files/1.2.1/README.txt
https://bugzilla.redhat.com/show_bug.cgi?id=826849

23a667c7-0b28-11eb-8834-00155d01f202

libjpeg-turbo -- Issue in the PPM reader causing a buffer overrun in cjpeg, TJBench, or the tjLoadImage() function.

libjpeg-turbo releases reports:

This release fixes the following security issue:

Heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.

Discovery 2020-06-03
Entry 2020-10-10
libjpeg-turbo

< 2.0.4

CVE-2020-13790
https://nvd.nist.gov/vuln/detail/CVE-2020-13790