FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  529248
Date:      2020-03-27
Time:      13:48:12Z
Committer: wen

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
0e43a14d-3f3f-11dc-a79a-0016179b2dd5  xpdf -- stack based buffer overflow

The KDE Team reports:

kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that can cause a stack based buffer overflow via a PDF file that exploits an integer overflow in StreamPredictor::StreamPredictor(). Remotely supplied pdf files can be used to disrupt the kpdf viewer on the client machine and possibly execute arbitrary code.


Discovery 2007-07-30
Entry 2007-07-31
Modified 2009-04-29
xpdf lt 3.02_2
kdegraphics lt 3.5.7_1
cups-base lt 1.2.11_3
gpdf gt 0
pdftohtml lt 0.39_3
poppler lt 0.5.9_4

25124
CVE-2007-3387
http://www.kde.org/info/security/advisory-20070730-1.txt

2747fc39-915b-11dc-9239-001c2514716c  xpdf -- multiple remote Stream.CC vulnerabilities

Secunia Research reports:

Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system.

  • An array indexing error within the "DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc can be exploited to corrupt memory via a specially crafted PDF file.
  • An integer overflow error within the "DCTStream::reset()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.
  • A boundary error within the "CCITTFaxStream::lookChar()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow by tricking a user into opening a PDF file containing a specially crafted "CCITTFaxDecode" filter.

Successful exploitation may allow execution of arbitrary code.


Discovery 2007-11-07
Entry 2007-11-12
Modified 2007-11-14
cups-base lt 1.3.3_2
gpdf gt 0
kdegraphics lt 3.5.8_1
koffice lt 1.6.3_3,2
poppler lt 0.6
xpdf lt 3.02_5

26367
CVE-2007-4352
CVE-2007-5392
CVE-2007-5393

50d233d9-374b-46ce-922d-4e6b3f777bef  poppler -- Poppler Multiple Vulnerabilities

Secunia reports:

Some vulnerabilities have been reported in Poppler which can be exploited by malicious people to potentially compromise an application using the library.


Discovery 2009-04-17
Entry 2009-04-18
poppler lt 0.10.6

http://secunia.com/advisories/34746/

bc20510f-4dd4-11dd-93e7-0211d880e350  poppler -- uninitialized pointer

Felipe Andres Manzano reports:

The libpoppler pdf rendering library can free uninitialized pointers, leading to arbitrary code execution. This vulnerability results from memory management bugs in the Page class constructor/destructor.


Discovery 2008-07-07
Entry 2008-07-09
poppler lt 0.8.4_2

CVE-2008-2950
http://milw0rm.com/exploits/6032

eca2d861-76f4-42ed-89d2-23a2cb396c87  poppler -- multiple denial of service issues

Poppler developers report:

Poppler is prone to a stack-based buffer-overflow vulnerability.

Successful exploits may allow attackers to crash the affected application, resulting in a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed.


Discovery 2017-06-21
Entry 2017-08-24
poppler lt 0.56.0

http://www.securityfocus.com/bid/99241/discuss
CVE-2017-9865
CVE-2017-9775