FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The last vuln.xml file processed by FreshPorts is:
List all Vulnerabilities, by package
List all Vulnerabilities, by date
These are the vulnerabilities relating to the commit you have selected:
|0e43a14d-3f3f-11dc-a79a-0016179b2dd5||xpdf -- stack based buffer overflow|
The KDE Team reports:
kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
a vulnerability that can cause a stack based buffer overflow
via a PDF file that exploits an integer overflow in
StreamPredictor::StreamPredictor(). Remotely supplied
pdf files can be used to disrupt the kpdf viewer on
the client machine and possibly execute arbitrary code.
|2747fc39-915b-11dc-9239-001c2514716c||xpdf -- multiple remote Stream.CC vulnerabilities|
Secunia Research reports:
Secunia Research has discovered some vulnerabilities in Xpdf,
which can be exploited by malicious people to compromise a user's
- An array indexing error within the
"DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc
can be exploited to corrupt memory via a specially crafted PDF
- An integer overflow error within the "DCTStream::reset()"
method in xpdf/Stream.cc can be exploited to cause a heap-based
buffer overflow via a specially crafted PDF file.
- A boundary error within the "CCITTFaxStream::lookChar()" method
in xpdf/Stream.cc can be exploited to cause a heap-based buffer
overflow by tricking a user into opening a PDF file containing a
specially crafted "CCITTFaxDecode" filter.
Successful exploitation may allow execution of arbitrary code.
|50d233d9-374b-46ce-922d-4e6b3f777bef||poppler -- Poppler Multiple Vulnerabilities|
Some vulnerabilities have been reported in Poppler which can be
exploited by malicious people to potentially compromise an
application using the library.
|bc20510f-4dd4-11dd-93e7-0211d880e350||poppler -- uninitialized pointer|
Felipe Andres Manzano reports:
The libpoppler pdf rendering library, can free
uninitialized pointers, leading to arbitrary code
execution. This vulnerability results from memory
management bugs in the Page class constructor/destructor.
|eca2d861-76f4-42ed-89d2-23a2cb396c87||poppler -- multiple denial of service issues|
Poppler developers report:
Poppler is prone to a stack-based buffer-overflow
Successful exploits may allow attackers to crash the affected
application, resulting in denial-of-service condition. Due to the
nature of this issue, arbitrary code execution may be possible but
this has not been confirmed.