FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 11:22:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
107692a1-ee6c-11d9-8310-0001020eed82acroread -- insecure temporary file creation

Secunia Research reports:

Secunia has discovered a security issue in Adobe Reader for Linux, which can be exploited by malicious, local users to gain knowledge of sensitive information.

The problem is caused due to temporary files being created with permissions based on a user's umask in the "/tmp" folder under certain circumstances when documents are opened.

Successful exploitation allows an unprivileged user to read arbitrary users' documents.


Discovery 2005-06-29
Entry 2005-07-06
acroread4
acroread5
ge 0

acroread
< 7.0.0

gt 5.*,1 lt 7.0.0,1

CVE-2005-1912
http://secunia.com/secunia_research/2005-6/advisory/
28e93883-539f-11d9-a9e7-0001020eed82acroread5 -- mailListIsPdf() buffer overflow vulnerability

An iDEFENSE Security Advisory reports:

Remote exploitation of a buffer overflow in version 5.09 of Adobe Acrobat Reader for Unix could allow for execution of arbitrary code.

The vulnerability specifically exists in a the function mailListIsPdf(). This function checks if the input file is an email message containing a PDF. It unsafely copies user supplied data using strcat into a fixed sized buffer.


Discovery 2004-10-14
Entry 2004-12-21
Modified 2005-01-06
acroread
acroread4
acroread5
< 5.10

CVE-2004-1152
253024
http://www.adobe.com/support/techdocs/331153.html
http://www.idefense.com/application/poi/display?id=161&type=vulnerabilities
70c59485-ee5a-11d9-8310-0001020eed82acroread -- buffer overflow vulnerability

An Adobe Security Advisory reports:

A vulnerability within Adobe Reader has been identified. Under certain circumstances, remote exploitation of a buffer overflow in Adobe Reader could allow an attacker to execute arbitrary code.

If exploited, it could allow the execution of arbitrary code under the privileges of the local user. Remote exploitation is possible if the malicious PDF document is sent as an email attachment or if the PDF document is accessed via a web link.


Discovery 2005-07-05
Entry 2005-07-06
acroread4
acroread5
ge 0

acroread
< 7.0.0

gt 5.*,1 lt 7.0.0,1

CVE-2005-1625
http://www.adobe.com/support/techdocs/329083.html
http://marc.theaimsgroup.com/?l=bugtraq&m=112059685332569
78348ea2-ec91-11d8-b913-000c41e2cdadacroread uudecoder input validation error

An iDEFENSE security advisory reports:

Remote exploitation of an input validation error in the uudecoding feature of Adobe Acrobat Reader (Unix) 5.0 allows an attacker to execute arbitrary code.

The Unix and Linux versions of Adobe Acrobat Reader 5.0 automatically attempt to convert uuencoded documents back into their original format. The vulnerability specifically exists in the failure of Acrobat Reader to check for the backtick shell metacharacter in the filename before executing a command with a shell. This allows a maliciously constructed filename to execute arbitrary programs.


Discovery 2004-08-12
Entry 2004-08-12
Modified 2005-01-06
acroread
acroread4
acroread5
< 5.0.9

CVE-2004-0630
http://www.idefense.com/application/poi/display?id=124&type=vulnerabilities
f74dc01b-0e83-11da-bc08-0001020eed82acroread -- plug-in buffer overflow vulnerability

A Adobe Security Advisory reports:

The identified vulnerability is a buffer overflow within a core application plug-in, which is part of Adobe Acrobat and Adobe Reader. If a malicious file were opened it could trigger a buffer overflow as the file is being loaded into Adobe Acrobat and Adobe Reader. A buffer overflow can cause the application to crash and increase the risk of malicious code execution.


Discovery 2005-08-16
Entry 2005-08-16
acroread
< 7.0.1

gt 5.*,1 lt 7.0.1,1

acroread4
acroread5
ge 0

acroread7
< 7.0.1

CVE-2005-2470
http://www.adobe.com/support/techdocs/321644.html