FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
ad2f3337-26bf-11d9-9289-000c41e2cdadxpdf -- integer overflow vulnerabilities

Chris Evans discovered several integer arithmetic overflows in the xpdf 2 and xpdf 3 code bases. The flaws have impacts ranging from denial-of-service to arbitrary code execution.


Discovery 2004-10-21
Entry 2004-10-25
gpdf
cups-base
< 1.1.22.0

xpdf
< 3.00_4

kdegraphics
< 3.3.0_1

koffice
< 1.3.2_1,1

teTeX-base
< 2.0.2_4

CVE-2004-0888
CVE-2004-0889
http://scary.beasts.org/security/CESA-2004-002.txt
http://scary.beasts.org/security/CESA-2004-007.txt
http://www.kde.org/info/security/advisory-20041021-1.txt
aa4d3d73-ef17-11e1-b593-00269ef07d24Calligra, KOffice -- input validation failure

KDE Security Advisory reports:

A flaw has been found which can allow malicious code to take advantage of an input validation failure in the Microsoft import filter in Calligra and KOffice. Exploitation can allow the attacker to gain control of the running process and execute code on its behalf.


Discovery 2012-08-10
Entry 2012-08-26
koffice
le 1.6.3_18,2

koffice-kde4
le 2.3.3_7

calligra
< 2.5.0

CVE-2012-3455
CVE-2012-3456
http://www.kde.org/info/security/advisory-20120810-1.txt
http://media.blackhat.com/bh-us-12/Briefings/C_Miller/BH_US_12_Miller_NFC_attack_surface_WP.pdf
2747fc39-915b-11dc-9239-001c2514716cxpdf -- multiple remote Stream.CC vulnerabilities

Secunia Research reports:

Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system.

  • An array indexing error within the "DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc can be exploited to corrupt memory via a specially crafted PDF file.
  • An integer overflow error within the "DCTStream::reset()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.
  • A boundary error within the "CCITTFaxStream::lookChar()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow by tricking a user into opening a PDF file containing a specially crafted "CCITTFaxDecode" filter.

Successful exploitation may allow execution of arbitrary code.


Discovery 2007-11-07
Entry 2007-11-12
Modified 2007-11-14
cups-base
< 1.3.3_2

gpdf
gt 0

kdegraphics
< 3.5.8_1

koffice
< 1.6.3_3,2

poppler
< 0.6

xpdf
< 3.02_5

26367
CVE-2007-4352
CVE-2007-5392
CVE-2007-5393
f755545e-6fcd-11d9-abec-00061bd2d56fxpdf -- makeFileKey2() buffer overflow vulnerability

An iDEFENSE Security Advisory reports:

Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer included in multiple Unix and Linux distributions could allow for arbitrary code execution as the user viewing a PDF file.

The vulnerability specifically exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. The offending code can be found in the Decrypt::makeFileKey2 function in the source file xpdf/Decrypt.cc.


Discovery 2005-01-06
Entry 2005-01-26
Modified 2005-02-03
xpdf
< 3.00_6

kdegraphics
< 3.3.2_2

gpdf
< 2.8.3

teTeX-base
< 2.0.2_9

cups-base
< 1.1.23.0_3

koffice
< 1.3.5_2,1

pdftohtml
< 0.36_2

CVE-2005-0064
http://marc.theaimsgroup.com/?l=bugtraq&m=110608898221554
http://www.koffice.org/security/advisory-20050120-1.txt
e3e266e9-5473-11d9-a9e7-0001020eed82xpdf -- buffer overflow vulnerability

An iDEFENSE Security Advisory reports:

Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer, as included in multiple Linux distributions, could allow attackers to execute arbitrary code as the user viewing a PDF file. The offending code can be found in the Gfx::doImage() function in the source file xpdf/Gfx.cc.


Discovery 2004-11-23
Entry 2004-12-23
Modified 2005-01-13
xpdf
< 3.00_5

kdegraphics
< 3.3.2_1

gpdf
le 2.8.1

teTeX-base
le 2.0.2_6

cups-base
le 1.1.22.0

koffice
le 1.3.5,1

pdftohtml
< 0.36_1

CVE-2004-1125
http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities
9cd52bc6-a213-11da-b410-000e0c2e438aabiword, koffice -- stack based buffer overflow vulnerabilities

Chris Evans reports that AbiWord is vulnerable to multiple stack-based buffer overflow vulnerabilities. This is caused by improper checking of the user-supplied data before it is being copied to an too small buffer. The vulnerability is triggered when someone is importing RTF files.


Discovery 2005-10-14
Entry 2006-02-20
Modified 2006-02-20
koffice
gt 1.2.0 lt 1.4.1_1,1

abiword
< 2.2.11

15096
CAN-2005-2972
http://scary.beasts.org/security/CESA-2005-006.txt
http://www.abisource.com/changelogs/2.2.11.phtml
http://www.kde.org/info/security/advisory-20051011-1.txt