From owner-svn-ports-head@freebsd.org Wed Jul 15 15:50:00 2015 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D588F9A12DE; Wed, 15 Jul 2015 15:50:00 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B432E1D54; Wed, 15 Jul 2015 15:50:00 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from svnmir.geo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6FFo0ju030173; Wed, 15 Jul 2015 15:50:00 GMT (envelope-from feld@FreeBSD.org) Received: (from feld@localhost) by svnmir.geo.freebsd.org (8.14.9/8.14.9/Submit) id t6FFo05A030172; Wed, 15 Jul 2015 15:50:00 GMT (envelope-from feld@FreeBSD.org) Message-Id: <201507151550.t6FFo05A030172@svnmir.geo.freebsd.org> X-Authentication-Warning: svnmir.geo.freebsd.org: feld set sender to feld@FreeBSD.org using -f From: Mark Felder Date: Wed, 15 Jul 2015 15:50:00 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r392159 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Jul 2015 15:50:01 -0000 Author: feld Date: Wed Jul 15 15:49:59 2015 New Revision: 392159 URL: https://svnweb.freebsd.org/changeset/ports/392159 Log: - Document multiple security issues for libwmf PR: 201513 Security: CVE-2004-0941 Security: CVE-2007-0455 Security: CVE-2007-2756 Security: CVE-2007-3472 Security: CVE-2007-3473 Security: CVE-2007-3477 Security: CVE-2009-3546 Security: CVE-2015-4695 Security: CVE-2015-4696 Security: CVE-2015-0848 Security: CVE-2015-4588 Security: ca139c7f-2a8c-11e5-a4a5-002590263bf5 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Jul 15 15:38:18 2015 (r392158) +++ head/security/vuxml/vuln.xml Wed Jul 15 15:49:59 2015 (r392159) @@ -58,6 +58,109 @@ Notes: --> + + libwmf -- multiple vulnerabilities + + + libwmf + 0.2.8.4_14 + + + + +

Mitre reports:

+
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 + and earlier may allow remote attackers to execute arbitrary code via + malformed image files that trigger the overflows due to improper + calls to the gdMalloc function, a different set of vulnerabilities + than CVE-2004-0990.
+

+
Buffer overflow in the gdImageStringFTEx function in gdft.c in GD + Graphics Library 2.0.33 and earlier allows remote attackers to cause + a denial of service (application crash) and possibly execute + arbitrary code via a crafted string with a JIS encoded font.
+

+
The gdPngReadData function in libgd 2.0.34 allows user-assisted + attackers to cause a denial of service (CPU consumption) via a + crafted PNG image with truncated data, which causes an infinite loop + in the png_read_info function in libpng.
+

+
Integer overflow in gdImageCreateTrueColor function in the GD + Graphics Library (libgd) before 2.0.35 allows user-assisted remote + attackers to have unspecified attack vectors and impact.
+

+
The gdImageCreateXbm function in the GD Graphics Library (libgd) + before 2.0.35 allows user-assisted remote attackers to cause a + denial of service (crash) via unspecified vectors involving a + gdImageCreate failure.
+

+
The (a) imagearc and (b) imagefilledarc functions in GD Graphics + Library (libgd) before 2.0.35 allow attackers to cause a denial of + service (CPU consumption) via a large (1) start or (2) end angle + degree value.
+

+
The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before + 5.3.1, and the GD Graphics Library 2.x, does not properly verify a + certain colorsTotal structure member, which might allow remote + attackers to conduct buffer overflow or buffer over-read attacks via + a crafted GD file, a different vulnerability than CVE-2009-3293. + NOTE: some of these details are obtained from third party + information.
+

+
Heap-based buffer overflow in libwmf 0.2.8.4 allows remote + attackers to cause a denial of service (crash) or possibly execute + arbitrary code via a crafted BMP image.
+

+
meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial + of service (out-of-bounds read) via a crafted WMF file.
+

+
Use-after-free vulnerability in libwmf 0.2.8.4 allows remote + attackers to cause a denial of service (crash) via a crafted WMF + file to the (1) wmf2gd or (2) wmf2eps command.
+

+
Heap-based buffer overflow in the DecodeImage function in libwmf + 0.2.8.4 allows remote attackers to cause a denial of service (crash) + or possibly execute arbitrary code via a crafted "run-length count" + in an image in a WMF file.
+

+ + + + 11663 + 22289 + 24089 + 24651 + 36712 + ports/201513 + CVE-2004-0941 + CVE-2007-0455 + CVE-2007-2756 + CVE-2007-3472 + CVE-2007-3473 + CVE-2007-3477 + CVE-2009-3546 + CVE-2015-0848 + CVE-2015-4695 + CVE-2015-4696 + CVE-2015-4588 + + + 2004-10-12 + 2015-07-15 + + + apache24 -- multiple vulnerabilities