FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  371119
Date:      2014-10-18
Time:      12:52:26Z
Committer: kwm

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
c62dc69f-05c8-11d9-b45d-000c41e2cdadopenoffice -- document disclosure

OpenOffice creates a working directory in /tmp on startup, and uses this directory to temporarily store document content. However, the permissions of the created directory may allow other user on the system to read these files, potentially exposing information the user likely assumed was inaccessible.


Discovery 2004-08-24
Entry 2004-09-14
openoffice
ar-openoffice
ca-openoffice
cs-openoffice
de-openoffice
dk-openoffice
el-openoffice
es-openoffice
et-openoffice
fi-openoffice
fr-openoffice
gr-openoffice
hu-openoffice
it-openoffice
ja-openoffice
ko-openoffice
nl-openoffice
pl-openoffice
pt-openoffice
pt_BR-openoffice
ru-openoffice
se-openoffice
sk-openoffice
sl-openoffice-SI
tr-openoffice
zh-openoffice-CN
zh-openoffice-TW
lt 1.1.2_1

ge 2.0

CVE-2004-0752
http://www.openoffice.org/issues/show_bug.cgi?id=33357
http://securitytracker.com/alerts/2004/Sep/1011205.html
http://marc.theaimsgroup.com/?l=bugtraq&m=109483308421566
e595e170-6771-11dc-8be8-02e0185f8d72openoffice -- arbitrary command execution vulnerability

iDefense reports:

Remote exploitation of multiple integer overflow vulnerabilities within OpenOffice, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code.

These vulnerabilities exist within the TIFF parsing code of the OpenOffice suite. When parsing the TIFF directory entries for certain tags, the parser uses untrusted values from the file to calculate the amount of memory to allocate. By providing specially crafted values, an integer overflow occurs in this calculation. This results in the allocation of a buffer of insufficient size, which in turn leads to a heap overflow.


Discovery 2007-09-19
Entry 2007-09-20
openoffice
gt 0

CVE-2007-2834
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=593
b206dd82-ac67-11d9-a788-0001020eed82openoffice -- DOC document heap overflow vulnerability

AD-LAB reports that a heap-based buffer overflow vulnerability exists in OpenOffice's handling of DOC documents. When reading a DOC document 16 bit from a 32 bit integer is used for memory allocation, but the full 32 bit is used for further processing of the document. This can allow an attacker to crash OpenOffice, or potentially execute arbitrary code as the user running OpenOffice, by tricking an user into opening a specially crafted DOC document.


Discovery 2005-04-11
Entry 2005-04-13
Modified 2005-04-20
openoffice
ar-openoffice
ca-openoffice
cs-openoffice
de-openoffice
dk-openoffice
el-openoffice
es-openoffice
et-openoffice
fi-openoffice
fr-openoffice
gr-openoffice
hu-openoffice
it-openoffice
ja-openoffice
ko-openoffice
nl-openoffice
pl-openoffice
pt-openoffice
pt_BR-openoffice
ru-openoffice
se-openoffice
sk-openoffice
sl-openoffice-SI
tr-openoffice
zh-openoffice-CN
zh-openoffice-TW
jp-openoffice
kr-openoffice
sl-openoffice-SL
zh-openoffice
zh_TW-openoffice
lt 1.1.4_2

gt 2.* le 2.0.20050406

openoffice
ja-openoffice
ge 6.0.a609 le 6.0.a638

ge 641c le 645

eq 1.1RC4

eq 1.1rc5

13092
CVE-2005-0941
http://marc.theaimsgroup.com/?l=bugtraq&m=111325305109137
http://www.openoffice.org/issues/show_bug.cgi?id=46388
b206dd82-ac67-11d9-a788-0001020eed82openoffice -- DOC document heap overflow vulnerability

AD-LAB reports that a heap-based buffer overflow vulnerability exists in OpenOffice's handling of DOC documents. When reading a DOC document 16 bit from a 32 bit integer is used for memory allocation, but the full 32 bit is used for further processing of the document. This can allow an attacker to crash OpenOffice, or potentially execute arbitrary code as the user running OpenOffice, by tricking an user into opening a specially crafted DOC document.


Discovery 2005-04-11
Entry 2005-04-13
Modified 2005-04-20
openoffice
ar-openoffice
ca-openoffice
cs-openoffice
de-openoffice
dk-openoffice
el-openoffice
es-openoffice
et-openoffice
fi-openoffice
fr-openoffice
gr-openoffice
hu-openoffice
it-openoffice
ja-openoffice
ko-openoffice
nl-openoffice
pl-openoffice
pt-openoffice
pt_BR-openoffice
ru-openoffice
se-openoffice
sk-openoffice
sl-openoffice-SI
tr-openoffice
zh-openoffice-CN
zh-openoffice-TW
jp-openoffice
kr-openoffice
sl-openoffice-SL
zh-openoffice
zh_TW-openoffice
lt 1.1.4_2

gt 2.* le 2.0.20050406

openoffice
ja-openoffice
ge 6.0.a609 le 6.0.a638

ge 641c le 645

eq 1.1RC4

eq 1.1rc5

13092
CVE-2005-0941
http://marc.theaimsgroup.com/?l=bugtraq&m=111325305109137
http://www.openoffice.org/issues/show_bug.cgi?id=46388
c62dc69f-05c8-11d9-b45d-000c41e2cdadopenoffice -- document disclosure

OpenOffice creates a working directory in /tmp on startup, and uses this directory to temporarily store document content. However, the permissions of the created directory may allow other user on the system to read these files, potentially exposing information the user likely assumed was inaccessible.


Discovery 2004-08-24
Entry 2004-09-14
openoffice
ar-openoffice
ca-openoffice
cs-openoffice
de-openoffice
dk-openoffice
el-openoffice
es-openoffice
et-openoffice
fi-openoffice
fr-openoffice
gr-openoffice
hu-openoffice
it-openoffice
ja-openoffice
ko-openoffice
nl-openoffice
pl-openoffice
pt-openoffice
pt_BR-openoffice
ru-openoffice
se-openoffice
sk-openoffice
sl-openoffice-SI
tr-openoffice
zh-openoffice-CN
zh-openoffice-TW
lt 1.1.2_1

ge 2.0

CVE-2004-0752
http://www.openoffice.org/issues/show_bug.cgi?id=33357
http://securitytracker.com/alerts/2004/Sep/1011205.html
http://marc.theaimsgroup.com/?l=bugtraq&m=109483308421566
e595e170-6771-11dc-8be8-02e0185f8d72openoffice -- arbitrary command execution vulnerability

iDefense reports:

Remote exploitation of multiple integer overflow vulnerabilities within OpenOffice, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code.

These vulnerabilities exist within the TIFF parsing code of the OpenOffice suite. When parsing the TIFF directory entries for certain tags, the parser uses untrusted values from the file to calculate the amount of memory to allocate. By providing specially crafted values, an integer overflow occurs in this calculation. This results in the allocation of a buffer of insufficient size, which in turn leads to a heap overflow.


Discovery 2007-09-19
Entry 2007-09-20
openoffice
gt 0

CVE-2007-2834
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=593