FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  351541
Date:      2014-04-18
Time:      14:56:43Z
Committer: ohauer

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
87106b67-be13-11dd-a578-0030843d3802cups -- potential buffer overflow in PNG reading code

CUPS reports:

The PNG image reading code did not validate the image size properly, leading to a potential buffer overflow (STR #2974)


Discovery 2008-10-17
Entry 2008-11-29
Modified 2008-12-25
cups-base
lt 1.3.9_2

CVE-2008-5286
http://www.cups.org/str.php?L2974
http://svn.easysw.com/public/cups/trunk/CHANGES-1.3.txt
http://www.openwall.com/lists/oss-security/2008/11/25/2
ce29ce1d-971a-11dd-ab7e-001c2514716ccups -- multiple vulnerabilities

The release note of cups 1.3.9 reports:

It contains the following fixes:

  • SECURITY: The HP-GL/2 filter did not range check pen numbers (STR #2911)
  • SECURITY: The SGI image file reader did not range check 16-bit run lengths (STR #2918)
  • SECURITY: The text filter did not range check cpi, lpi, or column values (STR #2919)

Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the affected service.


Discovery 2008-10-09
Entry 2008-10-10
cups-base
lt 1.3.9

CVE-2008-3639
CVE-2008-3640
CVE-2008-3641
736e55bc-39bb-11de-a493-001b77d09812cups -- remote code execution and DNS rebinding

Gentoo security team summarizes:

The following issues were reported in CUPS:

  • iDefense reported an integer overflow in the _cupsImageReadTIFF() function in the "imagetops" filter, leading to a heap-based buffer overflow (CVE-2009-0163).
  • Aaron Siegel of Apple Product Security reported that the CUPS web interface does not verify the content of the "Host" HTTP header properly (CVE-2009-0164).
  • Braden Thomas and Drew Yao of Apple Product Security reported that CUPS is vulnerable to CVE-2009-0146, CVE-2009-0147 and CVE-2009-0166, found earlier in xpdf and poppler.

A remote attacker might send or entice a user to send a specially crafted print job to CUPS, possibly resulting in the execution of arbitrary code with the privileges of the configured CUPS user -- by default this is "lp", or a Denial of Service. Furthermore, the web interface could be used to conduct DNS rebinding attacks.


Discovery 2009-05-05
Entry 2009-05-07
Modified 2009-05-13
cups-base
lt 1.3.10

34571
34665
34568
CVE-2009-0163
CVE-2009-0164
CVE-2009-0146
CVE-2009-0147
CVE-2009-0166
http://www.cups.org/articles.php?L582
736e55bc-39bb-11de-a493-001b77d09812cups -- remote code execution and DNS rebinding

Gentoo security team summarizes:

The following issues were reported in CUPS:

  • iDefense reported an integer overflow in the _cupsImageReadTIFF() function in the "imagetops" filter, leading to a heap-based buffer overflow (CVE-2009-0163).
  • Aaron Siegel of Apple Product Security reported that the CUPS web interface does not verify the content of the "Host" HTTP header properly (CVE-2009-0164).
  • Braden Thomas and Drew Yao of Apple Product Security reported that CUPS is vulnerable to CVE-2009-0146, CVE-2009-0147 and CVE-2009-0166, found earlier in xpdf and poppler.

A remote attacker might send or entice a user to send a specially crafted print job to CUPS, possibly resulting in the execution of arbitrary code with the privileges of the configured CUPS user -- by default this is "lp", or a Denial of Service. Furthermore, the web interface could be used to conduct DNS rebinding attacks.


Discovery 2009-05-05
Entry 2009-05-07
Modified 2009-05-13
cups-base
lt 1.3.10

34571
34665
34568
CVE-2009-0163
CVE-2009-0164
CVE-2009-0146
CVE-2009-0147
CVE-2009-0166
http://www.cups.org/articles.php?L582
87106b67-be13-11dd-a578-0030843d3802cups -- potential buffer overflow in PNG reading code

CUPS reports:

The PNG image reading code did not validate the image size properly, leading to a potential buffer overflow (STR #2974)


Discovery 2008-10-17
Entry 2008-11-29
Modified 2008-12-25
cups-base
lt 1.3.9_2

CVE-2008-5286
http://www.cups.org/str.php?L2974
http://svn.easysw.com/public/cups/trunk/CHANGES-1.3.txt
http://www.openwall.com/lists/oss-security/2008/11/25/2
ce29ce1d-971a-11dd-ab7e-001c2514716ccups -- multiple vulnerabilities

The release note of cups 1.3.9 reports:

It contains the following fixes:

  • SECURITY: The HP-GL/2 filter did not range check pen numbers (STR #2911)
  • SECURITY: The SGI image file reader did not range check 16-bit run lengths (STR #2918)
  • SECURITY: The text filter did not range check cpi, lpi, or column values (STR #2919)

Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the affected service.


Discovery 2008-10-09
Entry 2008-10-10
cups-base
lt 1.3.9

CVE-2008-3639
CVE-2008-3640
CVE-2008-3641