FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
f755545e-6fcd-11d9-abec-00061bd2d56fxpdf -- makeFileKey2() buffer overflow vulnerability

An iDEFENSE Security Advisory reports:

Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer included in multiple Unix and Linux distributions could allow for arbitrary code execution as the user viewing a PDF file.

The vulnerability specifically exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. The offending code can be found in the Decrypt::makeFileKey2 function in the source file xpdf/Decrypt.cc.


Discovery 2005-01-06
Entry 2005-01-26
Modified 2005-02-03
xpdf
< 3.00_6

kdegraphics
< 3.3.2_2

gpdf
< 2.8.3

teTeX-base
< 2.0.2_9

cups-base
< 1.1.23.0_3

koffice
< 1.3.5_2,1

pdftohtml
< 0.36_2

CVE-2005-0064
http://marc.theaimsgroup.com/?l=bugtraq&m=110608898221554
http://www.koffice.org/security/advisory-20050120-1.txt
ad2f3337-26bf-11d9-9289-000c41e2cdadxpdf -- integer overflow vulnerabilities

Chris Evans discovered several integer arithmetic overflows in the xpdf 2 and xpdf 3 code bases. The flaws have impacts ranging from denial-of-service to arbitrary code execution.


Discovery 2004-10-21
Entry 2004-10-25
gpdf
cups-base
< 1.1.22.0

xpdf
< 3.00_4

kdegraphics
< 3.3.0_1

koffice
< 1.3.2_1,1

teTeX-base
< 2.0.2_4

CVE-2004-0888
CVE-2004-0889
http://scary.beasts.org/security/CESA-2004-002.txt
http://scary.beasts.org/security/CESA-2004-007.txt
http://www.kde.org/info/security/advisory-20041021-1.txt
e3e266e9-5473-11d9-a9e7-0001020eed82xpdf -- buffer overflow vulnerability

An iDEFENSE Security Advisory reports:

Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer, as included in multiple Linux distributions, could allow attackers to execute arbitrary code as the user viewing a PDF file. The offending code can be found in the Gfx::doImage() function in the source file xpdf/Gfx.cc.


Discovery 2004-11-23
Entry 2004-12-23
Modified 2005-01-13
xpdf
< 3.00_5

kdegraphics
< 3.3.2_1

gpdf
le 2.8.1

teTeX-base
le 2.0.2_6

cups-base
le 1.1.22.0

koffice
le 1.3.5,1

pdftohtml
< 0.36_1

CVE-2004-1125
http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities