FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6dbae1a8-a4e6-11e5-b864-14dae9d210b8cups-filters -- code execution

Salvatore Bonaccorso reports:

Cups Filters/Foomatic Filters does not consider backtick as an illegal escape character.


Discovery 2015-10-30
Entry 2015-12-17
cups-filters
< 1.2.0

foomatic-filters
< 4.0.17_4

http://www.openwall.com/lists/oss-security/2015/12/13/2
CVE-2015-8327
7329938b-a4e6-11e5-b864-14dae9d210b8cups-filters -- code execution

Till Kamppeter reports:

Cups Filters/Foomatic Filters does not consider semicolon as an illegal escape character.


Discovery 2015-12-12
Entry 2015-12-17
cups-filters
< 1.4.0

foomatic-filters
< 4.0.17_4

http://www.openwall.com/lists/oss-security/2015/12/14/13
CVE-2015-8560
b19da422-1e02-11e5-b43d-002590263bf5cups-filters -- buffer overflow in texttopdf size allocation

Stefan Cornelius from Red Hat reports:

A heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filters processed print jobs with a specially crafted line size. An attacker being able to submit print jobs could exploit this flaw to crash texttopdf or, possibly, execute arbitrary code.

Till Kamppeter reports:

texttopdf: Fixed buffer overflow on size allocation of texttopdf when working with extremely small line sizes, which causes the size calculation to result in 0 (CVE-2015-3258, thanks to Stefan Cornelius from Red Hat for the patch).


Discovery 2015-06-26
Entry 2015-06-29
cups-filters
< 1.0.70

CVE-2015-3258
http://www.openwall.com/lists/oss-security/2015/06/26/4
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363
bf1d9331-21b6-11e5-86ff-14dae9d210b8cups-filters -- texttopdf integer overflow

Stefan Cornelius from Red Hat reports:

An integer overflow flaw leading to a heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker being able to submit print jobs could exploit this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the 'lp' user.

Tim Waugh reports:

The Page allocation is moved into textcommon.c, where it does all the necessary checking: lower-bounds for CVE-2015-3258 and upper-bounds for CVE-2015-3259 due to integer overflows for the calloc() call initializing Page[0] and the memset() call in texttopdf.c's WritePage() function zeroing the entire array.


Discovery 2015-07-03
Entry 2015-07-03
Modified 2015-07-07
cups-filters
< 1.0.71

CVE-2015-3279
https://access.redhat.com/security/cve/CVE-2015-3279
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365
http://osdir.com/ml/opensource-software-security/2015-07/msg00021.html