FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
cff0b2e2-0716-11eb-9e5d-08002728f74c	libexif -- multiple vulnerabilities Release notes: Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others: CVE-2016-6328: fixed integer overflow when parsing maker notes CVE-2017-7544: fixed buffer overread CVE-2018-20030: Fix for recursion DoS CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs CVE-2020-0093: read overflow CVE-2020-12767: fixed division by zero CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes CVE-2020-13113: Potential use of uninitialized memory CVE-2020-13114: Time consumption DoS when parsing canon array markers Discovery 2020-05-18 Entry 2020-10-05 libexif < 0.6.22 https://github.com/libexif/libexif/blob/master/NEWS CVE-2016-6328 CVE-2017-7544 CVE-2018-20030 CVE-2019-9278 CVE-2020-0093 CVE-2020-12767 CVE-2020-13112 CVE-2020-13113 CVE-2020-13114
00f30cba-4d23-11ea-86ba-641c67a117d8	libexif -- privilege escalation Mitre reports: In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Discovery 2019-02-06 Entry 2020-02-11 libexif < 0.6.21_5 CVE-2019-9278 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278 https://security-tracker.debian.org/tracker/CVE-2019-9278 https://seclists.org/bugtraq/2020/Feb/9 https://github.com/libexif/libexif/issues/26

VuXML ID

Description

cff0b2e2-0716-11eb-9e5d-08002728f74c

libexif -- multiple vulnerabilities

Release notes:

Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others:

CVE-2016-6328: fixed integer overflow when parsing maker notes

CVE-2017-7544: fixed buffer overread

CVE-2018-20030: Fix for recursion DoS

CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs

CVE-2020-0093: read overflow

CVE-2020-12767: fixed division by zero

CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes

CVE-2020-13113: Potential use of uninitialized memory

CVE-2020-13114: Time consumption DoS when parsing canon array markers

Discovery 2020-05-18
Entry 2020-10-05
libexif

< 0.6.22

https://github.com/libexif/libexif/blob/master/NEWS
CVE-2016-6328
CVE-2017-7544
CVE-2018-20030
CVE-2019-9278
CVE-2020-0093
CVE-2020-12767
CVE-2020-13112
CVE-2020-13113
CVE-2020-13114

00f30cba-4d23-11ea-86ba-641c67a117d8

libexif -- privilege escalation

Mitre reports:

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation.

Discovery 2019-02-06
Entry 2020-02-11
libexif

< 0.6.21_5

CVE-2019-9278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278
https://security-tracker.debian.org/tracker/CVE-2019-9278
https://seclists.org/bugtraq/2020/Feb/9
https://github.com/libexif/libexif/issues/26