FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID Description

VuXML ID	Description
0e43a14d-3f3f-11dc-a79a-0016179b2dd5	xpdf -- stack based buffer overflow The KDE Team reports: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that can cause a stack based buffer overflow via a PDF file that exploits an integer overflow in StreamPredictor::StreamPredictor(). Remotely supplied pdf files can be used to disrupt the kpdf viewer on the client machine and possibly execute arbitrary code. Discovery 2007-07-30 Entry 2007-07-31 Modified 2009-04-29 xpdf < 3.02_2 kdegraphics < 3.5.7_1 cups-base < 1.2.11_3 gpdf > 0 pdftohtml < 0.39_3 poppler < 0.5.9_4 25124 CVE-2007-3387 http://www.kde.org/info/security/advisory-20070730-1.txt
f755545e-6fcd-11d9-abec-00061bd2d56f	xpdf -- makeFileKey2() buffer overflow vulnerability An iDEFENSE Security Advisory reports: Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer included in multiple Unix and Linux distributions could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability specifically exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. The offending code can be found in the `Decrypt::makeFileKey2` function in the source file xpdf/Decrypt.cc. Discovery 2005-01-06 Entry 2005-01-26 Modified 2005-02-03 xpdf < 3.00_6 kdegraphics < 3.3.2_2 gpdf < 2.8.3 teTeX-base < 2.0.2_9 cups-base < 1.1.23.0_3 koffice < 1.3.5_2,1 pdftohtml < 0.36_2 CVE-2005-0064 http://marc.theaimsgroup.com/?l=bugtraq&m=110608898221554 http://www.koffice.org/security/advisory-20050120-1.txt

0e43a14d-3f3f-11dc-a79a-0016179b2dd5

xpdf -- stack based buffer overflow

The KDE Team reports:

kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that can cause a stack based buffer overflow via a PDF file that exploits an integer overflow in StreamPredictor::StreamPredictor(). Remotely supplied pdf files can be used to disrupt the kpdf viewer on the client machine and possibly execute arbitrary code.

Discovery 2007-07-30
Entry 2007-07-31
Modified 2009-04-29
xpdf

< 3.02_2

kdegraphics

< 3.5.7_1

cups-base

< 1.2.11_3

gpdf

> 0

pdftohtml

< 0.39_3

poppler

< 0.5.9_4

25124
CVE-2007-3387
http://www.kde.org/info/security/advisory-20070730-1.txt

f755545e-6fcd-11d9-abec-00061bd2d56f

xpdf -- makeFileKey2() buffer overflow vulnerability

An iDEFENSE Security Advisory reports:

Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer included in multiple Unix and Linux distributions could allow for arbitrary code execution as the user viewing a PDF file.

The vulnerability specifically exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. The offending code can be found in the Decrypt::makeFileKey2 function in the source file xpdf/Decrypt.cc.

Discovery 2005-01-06
Entry 2005-01-26
Modified 2005-02-03
xpdf

< 3.00_6

kdegraphics

< 3.3.2_2

gpdf

< 2.8.3

teTeX-base

< 2.0.2_9

cups-base

< 1.1.23.0_3

koffice

< 1.3.5_2,1

pdftohtml

< 0.36_2

CVE-2005-0064
http://marc.theaimsgroup.com/?l=bugtraq&m=110608898221554
http://www.koffice.org/security/advisory-20050120-1.txt