FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  374986
Date:      2014-12-20
Time:      00:21:30Z
Committer: delphij

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
2747fc39-915b-11dc-9239-001c2514716cxpdf -- multiple remote Stream.CC vulnerabilities

Secunia Research reports:

Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system.

  • An array indexing error within the "DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc can be exploited to corrupt memory via a specially crafted PDF file.
  • An integer overflow error within the "DCTStream::reset()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.
  • A boundary error within the "CCITTFaxStream::lookChar()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow by tricking a user into opening a PDF file containing a specially crafted "CCITTFaxDecode" filter.

Successful exploitation may allow execution of arbitrary code.


Discovery 2007-11-07
Entry 2007-11-12
Modified 2007-11-14
cups-base
lt 1.3.3_2

gpdf
gt 0

kdegraphics
lt 3.5.8_1

koffice
lt 1.6.3_3,2

poppler
lt 0.6

xpdf
lt 3.02_5

26367
CVE-2007-4352
CVE-2007-5392
CVE-2007-5393
2747fc39-915b-11dc-9239-001c2514716cxpdf -- multiple remote Stream.CC vulnerabilities

Secunia Research reports:

Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system.

  • An array indexing error within the "DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc can be exploited to corrupt memory via a specially crafted PDF file.
  • An integer overflow error within the "DCTStream::reset()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.
  • A boundary error within the "CCITTFaxStream::lookChar()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow by tricking a user into opening a PDF file containing a specially crafted "CCITTFaxDecode" filter.

Successful exploitation may allow execution of arbitrary code.


Discovery 2007-11-07
Entry 2007-11-12
Modified 2007-11-14
cups-base
lt 1.3.3_2

gpdf
gt 0

kdegraphics
lt 3.5.8_1

koffice
lt 1.6.3_3,2

poppler
lt 0.6

xpdf
lt 3.02_5

26367
CVE-2007-4352
CVE-2007-5392
CVE-2007-5393