FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-02 20:06:50 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
b48e7b14-052a-11ea-a1de-53b029d2b061	libmad -- multiple vulnerabilities National Vulnerability Database: CVE-2017-8372: The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file. CVE-2017-8373: The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file. CVE-2017-8374: The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. Discovery 2017-04-30 Entry 2019-11-13 libmad < 0.15.1b_7 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508133#15 https://nvd.nist.gov/vuln/detail/CVE-2017-8372 https://nvd.nist.gov/vuln/detail/CVE-2017-8373 https://nvd.nist.gov/vuln/detail/CVE-2017-8374 https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/ https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_layer_iii-layer3-c/ https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_bit_skip-bit-c/ CVE-2017-8372 CVE-2017-8373 CVE-2017-8374

VuXML ID

Description

b48e7b14-052a-11ea-a1de-53b029d2b061

libmad -- multiple vulnerabilities

National Vulnerability Database:

CVE-2017-8372: The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file.

CVE-2017-8373: The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.

CVE-2017-8374: The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.

Discovery 2017-04-30
Entry 2019-11-13
libmad

< 0.15.1b_7

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508133#15
https://nvd.nist.gov/vuln/detail/CVE-2017-8372
https://nvd.nist.gov/vuln/detail/CVE-2017-8373
https://nvd.nist.gov/vuln/detail/CVE-2017-8374
https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/
https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_layer_iii-layer3-c/
https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_bit_skip-bit-c/
CVE-2017-8372
CVE-2017-8373
CVE-2017-8374