FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  373433
Date:      2014-11-25
Time:      21:42:42Z
Committer: naddy

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
2747fc39-915b-11dc-9239-001c2514716cxpdf -- multiple remote Stream.CC vulnerabilities

Secunia Research reports:

Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system.

  • An array indexing error within the "DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc can be exploited to corrupt memory via a specially crafted PDF file.
  • An integer overflow error within the "DCTStream::reset()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.
  • A boundary error within the "CCITTFaxStream::lookChar()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow by tricking a user into opening a PDF file containing a specially crafted "CCITTFaxDecode" filter.

Successful exploitation may allow execution of arbitrary code.


Discovery 2007-11-07
Entry 2007-11-12
Modified 2007-11-14
cups-base
lt 1.3.3_2

gpdf
gt 0

kdegraphics
lt 3.5.8_1

koffice
lt 1.6.3_3,2

poppler
lt 0.6

xpdf
lt 3.02_5

26367
CVE-2007-4352
CVE-2007-5392
CVE-2007-5393
aa4d3d73-ef17-11e1-b593-00269ef07d24Calligra, KOffice -- input validation failure

KDE Security Advisory reports:

A flaw has been found which can allow malicious code to take advantage of an input validation failure in the Microsoft import filter in Calligra and KOffice. Exploitation can allow the attacker to gain control of the running process and execute code on its behalf.


Discovery 2012-08-10
Entry 2012-08-26
koffice
le 1.6.3_18,2

koffice-kde4
le 2.3.3_7

calligra
lt 2.5.0

CVE-2012-3455
CVE-2012-3456
http://www.kde.org/info/security/advisory-20120810-1.txt
http://media.blackhat.com/bh-us-12/Briefings/C_Miller/BH_US_12_Miller_NFC_attack_surface_WP.pdf
2747fc39-915b-11dc-9239-001c2514716cxpdf -- multiple remote Stream.CC vulnerabilities

Secunia Research reports:

Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system.

  • An array indexing error within the "DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc can be exploited to corrupt memory via a specially crafted PDF file.
  • An integer overflow error within the "DCTStream::reset()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.
  • A boundary error within the "CCITTFaxStream::lookChar()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow by tricking a user into opening a PDF file containing a specially crafted "CCITTFaxDecode" filter.

Successful exploitation may allow execution of arbitrary code.


Discovery 2007-11-07
Entry 2007-11-12
Modified 2007-11-14
cups-base
lt 1.3.3_2

gpdf
gt 0

kdegraphics
lt 3.5.8_1

koffice
lt 1.6.3_3,2

poppler
lt 0.6

xpdf
lt 3.02_5

26367
CVE-2007-4352
CVE-2007-5392
CVE-2007-5393
9cd52bc6-a213-11da-b410-000e0c2e438aabiword, koffice -- stack based buffer overflow vulnerabilities

Chris Evans reports that AbiWord is vulnerable to multiple stack-based buffer overflow vulnerabilities. This is caused by improper checking of the user-supplied data before it is being copied to an too small buffer. The vulnerability is triggered when someone is importing RTF files.


Discovery 2005-10-14
Entry 2006-02-20
Modified 2006-02-20
koffice
gt 1.2.0 lt 1.4.1_1,1

abiword
lt 2.2.11

15096
CAN-2005-2972
http://scary.beasts.org/security/CESA-2005-006.txt
http://www.abisource.com/changelogs/2.2.11.phtml
http://www.kde.org/info/security/advisory-20051011-1.txt
9cd52bc6-a213-11da-b410-000e0c2e438aabiword, koffice -- stack based buffer overflow vulnerabilities

Chris Evans reports that AbiWord is vulnerable to multiple stack-based buffer overflow vulnerabilities. This is caused by improper checking of the user-supplied data before it is being copied to an too small buffer. The vulnerability is triggered when someone is importing RTF files.


Discovery 2005-10-14
Entry 2006-02-20
Modified 2006-02-20
koffice
gt 1.2.0 lt 1.4.1_1,1

abiword
lt 2.2.11

15096
CAN-2005-2972
http://scary.beasts.org/security/CESA-2005-006.txt
http://www.abisource.com/changelogs/2.2.11.phtml
http://www.kde.org/info/security/advisory-20051011-1.txt