FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description

2747fc39-915b-11dc-9239-001c2514716c    xpdf -- multiple remote Stream.CC vulnerabilities

Secunia Research reports:

Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system.

  • An array indexing error within the "DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc can be exploited to corrupt memory via a specially crafted PDF file.
  • An integer overflow error within the "DCTStream::reset()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.
  • A boundary error within the "CCITTFaxStream::lookChar()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow by tricking a user into opening a PDF file containing a specially crafted "CCITTFaxDecode" filter.

Successful exploitation may allow execution of arbitrary code.


Discovery 2007-11-07
Entry 2007-11-12
Modified 2007-11-14

cups-base < 1.3.3_2
gpdf > 0
kdegraphics < 3.5.8_1
koffice < 1.6.3_3,2
poppler < 0.6
xpdf < 3.02_5
26367
CVE-2007-4352
CVE-2007-5392
CVE-2007-5393

0e43a14d-3f3f-11dc-a79a-0016179b2dd5    xpdf -- stack based buffer overflow

The KDE Team reports:

kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that can cause a stack based buffer overflow via a PDF file that exploits an integer overflow in StreamPredictor::StreamPredictor(). Remotely supplied pdf files can be used to disrupt the kpdf viewer on the client machine and possibly execute arbitrary code.


Discovery 2007-07-30
Entry 2007-07-31
Modified 2009-04-29

xpdf < 3.02_2
kdegraphics < 3.5.7_1
cups-base < 1.2.11_3
gpdf > 0
pdftohtml < 0.39_3
poppler < 0.5.9_4

25124
CVE-2007-3387
http://www.kde.org/info/security/advisory-20070730-1.txt

24eee285-09c7-11da-bc08-0001020eed82    xpdf -- disk fill DoS vulnerability

xpdf is vulnerable to a denial of service vulnerability which can cause xpdf to create an infinitely large file, thereby filling up the /tmp partition, when opening a specially crafted PDF file.

Note that several applications contain an embedded version of xpdf, therefore making them vulnerable to the same DoS. In CUPS this vulnerability would cause the pdftops filter to crash.


Discovery 2005-08-09
Entry 2005-08-12
Modified 2005-09-07

xpdf < 3.00_7
kdegraphics < 3.4.2
gpdf < 2.10.0_2
cups-base < 1.1.23.0_5

14529
CVE-2005-2097
http://rhn.redhat.com/errata/RHSA-2005-670.html
http://www.kde.org/info/security/advisory-20050809-1.txt

432bf98d-9e25-11da-b410-000e0c2e438a    kpdf -- heap based buffer overflow

The KDE team reports:

kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a heap based buffer overflow in the splash rasterizer engine that can crash kpdf or even execute arbitrary code.


Discovery 2006-02-02
Entry 2006-02-15

kdegraphics < 3.5.1_1

CVE-2006-0301
http://www.kde.org/info/security/advisory-20060202-1.txt