svn commit: r438968 - head/security/vuxml
Jan Beich
jbeich at FreeBSD.org
Thu Apr 20 15:29:22 UTC 2017
Author: jbeich
Date: Thu Apr 20 15:29:21 2017
New Revision: 438968
URL: https://svnweb.freebsd.org/changeset/ports/438968
Log:
security/vuxml: mark old sndfile/samplerate/tiff as vulnerable
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu Apr 20 14:58:47 2017 (r438967)
+++ head/security/vuxml/vuln.xml Thu Apr 20 15:29:21 2017 (r438968)
@@ -58,6 +58,216 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="2a96e498-3234-4950-a9ad-419bc84a839d">
+ <topic>tiff -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>tiff</name>
+ <name>linux-f8-tiff</name>
+ <name>linux-f10-tiff</name>
+ <name>linux-c6-tiff</name>
+ <name>linux-c7-tiff</name>
+ <range><lt>4.0.8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>NVD reports:</p>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-5225">
+ <p>LibTIFF version 4.0.7 is vulnerable to a heap buffer
+ overflow in the tools/tiffcp resulting in DoS or code
+ execution via a crafted BitsPerSample value.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7592">
+ <p>The putagreytile function in tif_getimage.c in LibTIFF
+ 4.0.7 has a left-shift undefined behavior issue, which
+ might allow remote attackers to cause a denial of service
+ (application crash) or possibly have unspecified other
+ impact via a crafted image.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7593">
+ <p>tif_read.c in LibTIFF 4.0.7 does not ensure that
+ tif_rawdata is properly initialized, which might allow
+ remote attackers to obtain sensitive information from
+ process memory via a crafted image.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7594">
+ <p>The OJPEGReadHeaderInfoSecTablesDcTable function in
+ tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to
+ cause a denial of service (memory leak) via a crafted
+ image.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7595">
+ <p>The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF
+ 4.0.7 allows remote attackers to cause a denial of service
+ (divide-by-zero error and application crash) via a crafted
+ image.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7596">
+ <p>LibTIFF 4.0.7 has an "outside the range of
+ representable values of type float" undefined behavior
+ issue, which might allow remote attackers to cause a
+ denial of service (application crash) or possibly have
+ unspecified other impact via a crafted image.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7597">
+ <p>tif_dirread.c in LibTIFF 4.0.7 has an "outside the
+ range of representable values of type float" undefined
+ behavior issue, which might allow remote attackers to
+ cause a denial of service (application crash) or possibly
+ have unspecified other impact via a crafted image.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7598">
+ <p>tif_dirread.c in LibTIFF 4.0.7 might allow remote
+ attackers to cause a denial of service (divide-by-zero
+ error and application crash) via a crafted image.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7599">
+ <p>LibTIFF 4.0.7 has an "outside the range of
+ representable values of type short" undefined behavior
+ issue, which might allow remote attackers to cause a
+ denial of service (application crash) or possibly have
+ unspecified other impact via a crafted image.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7600">
+ <p>LibTIFF 4.0.7 has an "outside the range of
+ representable values of type unsigned char" undefined
+ behavior issue, which might allow remote attackers to
+ cause a denial of service (application crash) or possibly
+ have unspecified other impact via a crafted image.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7601">
+ <p>LibTIFF 4.0.7 has a "shift exponent too large for
+ 64-bit type long" undefined behavior issue, which might
+ allow remote attackers to cause a denial of service
+ (application crash) or possibly have unspecified other
+ impact via a crafted image.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7602">
+ <p>LibTIFF 4.0.7 has a signed integer overflow, which
+ might allow remote attackers to cause a denial of service
+ (application crash) or possibly have unspecified other
+ impact via a crafted image.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5225</cvename>
+ <cvename>CVE-2017-7592</cvename>
+ <cvename>CVE-2017-7593</cvename>
+ <cvename>CVE-2017-7594</cvename>
+ <cvename>CVE-2017-7595</cvename>
+ <cvename>CVE-2017-7596</cvename>
+ <cvename>CVE-2017-7597</cvename>
+ <cvename>CVE-2017-7598</cvename>
+ <cvename>CVE-2017-7599</cvename>
+ <cvename>CVE-2017-7600</cvename>
+ <cvename>CVE-2017-7601</cvename>
+ <cvename>CVE-2017-7602</cvename>
+ <url>https://github.com/vadz/libtiff/commit/5c080298d59e</url>
+ <url>https://github.com/vadz/libtiff/commit/48780b4fcc42</url>
+ <url>https://github.com/vadz/libtiff/commit/d60332057b95</url>
+ <url>https://github.com/vadz/libtiff/commit/2ea32f7372b6</url>
+ <url>https://github.com/vadz/libtiff/commit/8283e4d1b7e5</url>
+ <url>https://github.com/vadz/libtiff/commit/47f2fb61a3a6</url>
+ <url>https://github.com/vadz/libtiff/commit/3cfd62d77c2a</url>
+ <url>https://github.com/vadz/libtiff/commit/3144e57770c1</url>
+ <url>https://github.com/vadz/libtiff/commit/0a76a8c765c7</url>
+ <url>https://github.com/vadz/libtiff/commit/66e7bd595209</url>
+ </references>
+ <dates>
+ <discovery>2017-04-01</discovery>
+ <entry>2017-04-20</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="d44129d6-b22e-4e9c-b200-6a46e8bd3e60">
+ <topic>libsamplerate -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>libsamplerate</name>
+ <name>linux-c6-libsamplerate</name>
+ <name>linux-c7-libsamplerate</name>
+ <range><lt>0.1.9</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>NVD reports:</p>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7697">
+ <p>In libsamplerate before 0.1.9, a buffer over-read
+ occurs in the calc_output_single function in src_sinc.c
+ via a crafted audio file.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-7697</cvename>
+ <url>https://github.com/erikd/libsamplerate/commit/c3b66186656d</url>
+ </references>
+ <dates>
+ <discovery>2017-04-11</discovery>
+ <entry>2017-04-20</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5a97805e-93ef-4dcb-8d5e-dbcac263bfc2">
+ <topic>libsndfile -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>libsndfile</name>
+ <name>linux-c6-libsndfile</name>
+ <name>linux-c7-libsndfile</name>
+ <range><lt>1.0.28</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>NVD reports:</p>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7585">
+ <p>In libsndfile before 1.0.28, an error in the
+ "flac_buffer_copy()" function (flac.c) can be exploited to
+ cause a stack-based buffer overflow via a specially crafted
+ FLAC file.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7586">
+ <p>In libsndfile before 1.0.28, an error in the
+ "header_read()" function (common.c) when handling ID3 tags
+ can be exploited to cause a stack-based buffer overflow
+ via a specially crafted FLAC file.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7741">
+ <p>In libsndfile before 1.0.28, an error in the
+ "flac_buffer_copy()" function (flac.c) can be exploited to
+ cause a segmentation violation (with write memory access)
+ via a specially crafted FLAC file during a resample
+ attempt, a similar issue to CVE-2017-7585.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7742">
+ <p>In libsndfile before 1.0.28, an error in the
+ "flac_buffer_copy()" function (flac.c) can be exploited to
+ cause a segmentation violation (with read memory access)
+ via a specially crafted FLAC file during a resample
+ attempt, a similar issue to CVE-2017-7585.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-7585</cvename>
+ <cvename>CVE-2017-7586</cvename>
+ <cvename>CVE-2017-7741</cvename>
+ <cvename>CVE-2017-7742</cvename>
+ <url>https://github.com/erikd/libsndfile/commit/60b234301adf</url>
+ <url>https://github.com/erikd/libsndfile/commit/708e996c87c5</url>
+ <url>https://github.com/erikd/libsndfile/commit/f457b7b5ecfe</url>
+ <url>https://github.com/erikd/libsndfile/commit/60b234301adf</url>
+ </references>
+ <dates>
+ <discovery>2017-04-07</discovery>
+ <entry>2017-04-20</entry>
+ </dates>
+ </vuln>
+
<vuln vid="3e2e9b44-25ce-11e7-a175-939b30e0836d">
<topic>cURL -- TLS session resumption client cert bypass (again)</topic>
<affects>
More information about the svn-ports-head
mailing list