FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-28 14:09:37 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
47157c14-9013-11e6-a590-14dae9d210b8	mupdf -- multiple vulnerabilities Tobias Kortkamp reports: Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array. Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file. Discovery 2016-08-27 Entry 2016-10-12 Modified 2016-10-18 mupdf < 1.9a_1,1 llpp < 22_2 zathura-pdf-mupdf < 0.3.0_2 http://openbsd-archive.7691.n7.nabble.com/mupdf-CVE-2016-6525-amp-CVE-2016-6265-td302904.html http://bugs.ghostscript.com/show_bug.cgi?id=696941 http://bugs.ghostscript.com/show_bug.cgi?id=696954 CVE-2016-6525 CVE-2016-6265 ports/212207
53bde960-356b-11e0-8e81-0022190034c0	mupdf -- Remote System Access Secunia reports: The vulnerability is caused due to an error within the "closedctd()" function in fitz/filt_dctd.c when processing PDF files containing certain malformed JPEG images. This can be exploited to cause a stack corruption by e.g. tricking a user into opening a specially crafted PDF file. Discovery 2011-01-26 Entry 2011-02-10 mupdf < 0.8 46027 http://secunia.com/advisories/43020/

VuXML ID

Description

47157c14-9013-11e6-a590-14dae9d210b8

mupdf -- multiple vulnerabilities

Tobias Kortkamp reports:

Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.

Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file.

Discovery 2016-08-27
Entry 2016-10-12
Modified 2016-10-18
mupdf

< 1.9a_1,1

llpp

< 22_2

zathura-pdf-mupdf

< 0.3.0_2

http://openbsd-archive.7691.n7.nabble.com/mupdf-CVE-2016-6525-amp-CVE-2016-6265-td302904.html
http://bugs.ghostscript.com/show_bug.cgi?id=696941
http://bugs.ghostscript.com/show_bug.cgi?id=696954
CVE-2016-6525
CVE-2016-6265
ports/212207

53bde960-356b-11e0-8e81-0022190034c0

mupdf -- Remote System Access

Secunia reports:

The vulnerability is caused due to an error within the "closedctd()" function in fitz/filt_dctd.c when processing PDF files containing certain malformed JPEG images. This can be exploited to cause a stack corruption by e.g. tricking a user into opening a specially crafted PDF file.

Discovery 2011-01-26
Entry 2011-02-10
mupdf

< 0.8

46027
http://secunia.com/advisories/43020/