FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
9cd52bc6-a213-11da-b410-000e0c2e438a	abiword, koffice -- stack based buffer overflow vulnerabilities Chris Evans reports that AbiWord is vulnerable to multiple stack-based buffer overflow vulnerabilities. This is caused by improper checking of the user-supplied data before it is being copied to an too small buffer. The vulnerability is triggered when someone is importing RTF files. Discovery 2005-10-14 Entry 2006-02-20 Modified 2006-02-20 koffice gt 1.2.0 lt 1.4.1_1,1 abiword < 2.2.11 15096 CAN-2005-2972 http://scary.beasts.org/security/CESA-2005-006.txt http://www.abisource.com/changelogs/2.2.11.phtml http://www.kde.org/info/security/advisory-20051011-1.txt
aa4d3d73-ef17-11e1-b593-00269ef07d24	Calligra, KOffice -- input validation failure KDE Security Advisory reports: A flaw has been found which can allow malicious code to take advantage of an input validation failure in the Microsoft import filter in Calligra and KOffice. Exploitation can allow the attacker to gain control of the running process and execute code on its behalf. Discovery 2012-08-10 Entry 2012-08-26 koffice le 1.6.3_18,2 koffice-kde4 le 2.3.3_7 calligra < 2.5.0 CVE-2012-3455 CVE-2012-3456 http://www.kde.org/info/security/advisory-20120810-1.txt http://media.blackhat.com/bh-us-12/Briefings/C_Miller/BH_US_12_Miller_NFC_attack_surface_WP.pdf
2747fc39-915b-11dc-9239-001c2514716c	xpdf -- multiple remote Stream.CC vulnerabilities Secunia Research reports: Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system. An array indexing error within the "DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc can be exploited to corrupt memory via a specially crafted PDF file. An integer overflow error within the "DCTStream::reset()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file. A boundary error within the "CCITTFaxStream::lookChar()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow by tricking a user into opening a PDF file containing a specially crafted "CCITTFaxDecode" filter. Successful exploitation may allow execution of arbitrary code. Discovery 2007-11-07 Entry 2007-11-12 Modified 2007-11-14 cups-base < 1.3.3_2 gpdf gt 0 kdegraphics < 3.5.8_1 koffice < 1.6.3_3,2 poppler < 0.6 xpdf < 3.02_5 26367 CVE-2007-4352 CVE-2007-5392 CVE-2007-5393

VuXML ID

Description

9cd52bc6-a213-11da-b410-000e0c2e438a

abiword, koffice -- stack based buffer overflow vulnerabilities

Chris Evans reports that AbiWord is vulnerable to multiple stack-based buffer overflow vulnerabilities. This is caused by improper checking of the user-supplied data before it is being copied to an too small buffer. The vulnerability is triggered when someone is importing RTF files.

Discovery 2005-10-14
Entry 2006-02-20
Modified 2006-02-20
koffice

gt 1.2.0 lt 1.4.1_1,1

abiword

< 2.2.11

15096
CAN-2005-2972
http://scary.beasts.org/security/CESA-2005-006.txt
http://www.abisource.com/changelogs/2.2.11.phtml
http://www.kde.org/info/security/advisory-20051011-1.txt

aa4d3d73-ef17-11e1-b593-00269ef07d24

Calligra, KOffice -- input validation failure

KDE Security Advisory reports:

A flaw has been found which can allow malicious code to take advantage of an input validation failure in the Microsoft import filter in Calligra and KOffice. Exploitation can allow the attacker to gain control of the running process and execute code on its behalf.

Discovery 2012-08-10
Entry 2012-08-26
koffice

le 1.6.3_18,2

koffice-kde4

le 2.3.3_7

calligra

< 2.5.0

CVE-2012-3455
CVE-2012-3456
http://www.kde.org/info/security/advisory-20120810-1.txt
http://media.blackhat.com/bh-us-12/Briefings/C_Miller/BH_US_12_Miller_NFC_attack_surface_WP.pdf

2747fc39-915b-11dc-9239-001c2514716c

xpdf -- multiple remote Stream.CC vulnerabilities

Secunia Research reports:

Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system.

An array indexing error within the "DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc can be exploited to corrupt memory via a specially crafted PDF file.

An integer overflow error within the "DCTStream::reset()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.

A boundary error within the "CCITTFaxStream::lookChar()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow by tricking a user into opening a PDF file containing a specially crafted "CCITTFaxDecode" filter.

Successful exploitation may allow execution of arbitrary code.

Discovery 2007-11-07
Entry 2007-11-12
Modified 2007-11-14
cups-base

< 1.3.3_2

gpdf

gt 0

kdegraphics

< 3.5.8_1

koffice

< 1.6.3_3,2

poppler

< 0.6

xpdf

< 3.02_5

26367
CVE-2007-4352
CVE-2007-5392
CVE-2007-5393