FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
0e43a14d-3f3f-11dc-a79a-0016179b2dd5xpdf -- stack based buffer overflow

The KDE Team reports:

kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that can cause a stack based buffer overflow via a PDF file that exploits an integer overflow in StreamPredictor::StreamPredictor(). Remotely supplied pdf files can be used to disrupt the kpdf viewer on the client machine and possibly execute arbitrary code.


Discovery 2007-07-30
Entry 2007-07-31
Modified 2009-04-29
xpdf
lt 3.02_2

kdegraphics
lt 3.5.7_1

cups-base
lt 1.2.11_3

gpdf
gt 0

pdftohtml
lt 0.39_3

poppler
lt 0.5.9_4

25124
CVE-2007-3387
http://www.kde.org/info/security/advisory-20070730-1.txt
791e8f79-e7d1-11e9-8b31-206a8a720317Xpdf -- Multiple Vulnerabilities

Xpdf 4.02 fixes two vulnerabilities. Both fixes have been backported to 3.04.

An invalid memory access vulnerability in TextPage::findGaps() in Xpdf 4.01 through a crafted PDF document can cause a segfault.

An out of bounds write exists in TextPage::findGaps() of Xpdf 4.01.01


Discovery 2019-10-01
Entry 2019-10-06
xpdf
lt 4.02,1

xpdf4
lt 4.02,1

xpdf3
lt 3.04_11

https://nvd.nist.gov/vuln/detail/CVE-2019-9877
https://nvd.nist.gov/vuln/detail/CVE-2019-16927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9877
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1692
ad2f3337-26bf-11d9-9289-000c41e2cdadxpdf -- integer overflow vulnerabilities

Chris Evans discovered several integer arithmetic overflows in the xpdf 2 and xpdf 3 code bases. The flaws have impacts ranging from denial-of-service to arbitrary code execution.


Discovery 2004-10-21
Entry 2004-10-25
gpdf
cups-base
lt 1.1.22.0

xpdf
lt 3.00_4

kdegraphics
lt 3.3.0_1

koffice
lt 1.3.2_1,1

teTeX-base
lt 2.0.2_4

CVE-2004-0888
CVE-2004-0889
http://scary.beasts.org/security/CESA-2004-002.txt
http://scary.beasts.org/security/CESA-2004-007.txt
http://www.kde.org/info/security/advisory-20041021-1.txt
e3e266e9-5473-11d9-a9e7-0001020eed82xpdf -- buffer overflow vulnerability

An iDEFENSE Security Advisory reports:

Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer, as included in multiple Linux distributions, could allow attackers to execute arbitrary code as the user viewing a PDF file. The offending code can be found in the Gfx::doImage() function in the source file xpdf/Gfx.cc.


Discovery 2004-11-23
Entry 2004-12-23
Modified 2005-01-13
xpdf
lt 3.00_5

kdegraphics
lt 3.3.2_1

gpdf
le 2.8.1

teTeX-base
le 2.0.2_6

cups-base
le 1.1.22.0

koffice
le 1.3.5,1

pdftohtml
lt 0.36_1

CVE-2004-1125
http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities
f755545e-6fcd-11d9-abec-00061bd2d56fxpdf -- makeFileKey2() buffer overflow vulnerability

An iDEFENSE Security Advisory reports:

Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer included in multiple Unix and Linux distributions could allow for arbitrary code execution as the user viewing a PDF file.

The vulnerability specifically exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. The offending code can be found in the Decrypt::makeFileKey2 function in the source file xpdf/Decrypt.cc.


Discovery 2005-01-06
Entry 2005-01-26
Modified 2005-02-03
xpdf
lt 3.00_6

kdegraphics
lt 3.3.2_2

gpdf
lt 2.8.3

teTeX-base
lt 2.0.2_9

cups-base
lt 1.1.23.0_3

koffice
lt 1.3.5_2,1

pdftohtml
lt 0.36_2

CVE-2005-0064
http://marc.theaimsgroup.com/?l=bugtraq&m=110608898221554
http://www.koffice.org/security/advisory-20050120-1.txt
8581189c-bd5f-11de-8709-0017a4cccfc6Xpdf -- Multiple Vulnerabilities

SecurityFocus reports:

Some vulnerabilities have been reported in Xpdf, which can be exploited by malicious people to potentially compromise a user's system.

1) Multiple integer overflows in "SplashBitmap::SplashBitmap()" can be exploited to cause heap-based buffer overflows.

2) An integer overflow error in "ObjectStream::ObjectStream()" can be exploited to cause a heap-based buffer overflow.

3) Multiple integer overflows in "Splash::drawImage()" can be exploited to cause heap-based buffer overflows.

4) An integer overflow error in "PSOutputDev::doImageL1Sep()" can be exploited to cause a heap-based buffer overflow when converting a PDF document to a PS file.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code by tricking a user into opening a specially crafted PDF file.


Discovery 2009-10-14
Entry 2009-10-20
xpdf
lt 3.02_11

http://www.securityfocus.com/archive/1/507261
http://secunia.com/advisories/37053/
24eee285-09c7-11da-bc08-0001020eed82xpdf -- disk fill DoS vulnerability

xpdf is vulnerable to a denial of service vulnerability which can cause xpdf to create an infinitely large file, thereby filling up the /tmp partition, when opening a specially crafted PDF file.

Note that several applications contains an embedded version of xpdf, therefor making them the vulnerable to the same DoS. In CUPS this vulnerability would cause the pdftops filter to crash.


Discovery 2005-08-09
Entry 2005-08-12
Modified 2005-09-07
xpdf
lt 3.00_7

kdegraphics
lt 3.4.2

gpdf
lt 2.10.0_2

cups-base
lt 1.1.23.0_5

14529
CVE-2005-2097
http://rhn.redhat.com/errata/RHSA-2005-670.html
http://www.kde.org/info/security/advisory-20050809-1.txt
a21037d5-2c38-11de-ab3b-0017a4cccfc6xpdf -- multiple vulnerabilities

Secunia reports:

Some vulnerabilities have been reported in Xpdf, which can be exploited by malicious people to potentially compromise a user's system.

A boundary error exists when decoding JBIG2 symbol dictionary segments. This can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code.

Multiple integer overflows in the JBIG2 decoder can be exploited to potentially execute arbitrary code.

Multiple boundary errors in the JBIG2 decoder can be exploited to cause buffer overflows and potentially execute arbitrary code.

Multiple errors in the JBIG2 decoder can be exploited can be exploited to free arbitrary memory and potentially execute arbitrary code.

Multiple unspecified input validation errors in the JBIG2 decoder can be exploited to potentially execute arbitrary code.


Discovery 2009-04-16
Entry 2009-04-18
Modified 2009-04-18
xpdf
lt 3.02_11

CVE-2009-0146
CVE-2009-0147
CVE-2009-0166
CVE-2009-0799
CVE-2009-0800
CVE-2009-1179
CVE-2009-1180
CVE-2009-1181
CVE-2009-1182
CVE-2009-1183
http://secunia.com/advisories/34291
http://www.vupen.com/english/advisories/2009/1065
2747fc39-915b-11dc-9239-001c2514716cxpdf -- multiple remote Stream.CC vulnerabilities

Secunia Research reports:

Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system.

  • An array indexing error within the "DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc can be exploited to corrupt memory via a specially crafted PDF file.
  • An integer overflow error within the "DCTStream::reset()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.
  • A boundary error within the "CCITTFaxStream::lookChar()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow by tricking a user into opening a PDF file containing a specially crafted "CCITTFaxDecode" filter.

Successful exploitation may allow execution of arbitrary code.


Discovery 2007-11-07
Entry 2007-11-12
Modified 2007-11-14
cups-base
lt 1.3.3_2

gpdf
gt 0

kdegraphics
lt 3.5.8_1

koffice
lt 1.6.3_3,2

poppler
lt 0.6

xpdf
lt 3.02_5

26367
CVE-2007-4352
CVE-2007-5392
CVE-2007-5393