FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 05:42:14 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
d1f5e12a-fd5a-11e3-a108-080027ef73ec	LZO -- potential buffer overrun when processing malicious input data Markus Franz Xaver Johannes Oberhumer reports, in the package's NEWS file: Fixed a potential integer overflow condition in the "safe" decompressor variants which could result in a possible buffer overrun when processing maliciously crafted compressed input data. As this issue only affects 32-bit systems and also can only happen if you use uncommonly huge buffer sizes where you have to decompress more than 16 MiB (2^24 bytes) compressed bytes within a single function call, the practical implications are limited. Discovery 2014-06-25 Entry 2014-06-26 Modified 2015-01-06 lzo2 < 2.07 busybox < 1.22.1_2 http://www.oberhumer.com/opensource/lzo/download/lzo-2.07.tar.gz CVE-2014-4608

VuXML ID

Description

d1f5e12a-fd5a-11e3-a108-080027ef73ec

LZO -- potential buffer overrun when processing malicious input data

Markus Franz Xaver Johannes Oberhumer reports, in the package's NEWS file:

Fixed a potential integer overflow condition in the "safe" decompressor variants which could result in a possible buffer overrun when processing maliciously crafted compressed input data.

As this issue only affects 32-bit systems and also can only happen if you use uncommonly huge buffer sizes where you have to decompress more than 16 MiB (2^24 bytes) compressed bytes within a single function call, the practical implications are limited.

Discovery 2014-06-25
Entry 2014-06-26
Modified 2015-01-06
lzo2

< 2.07

busybox

< 1.22.1_2

http://www.oberhumer.com/opensource/lzo/download/lzo-2.07.tar.gz
CVE-2014-4608