FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
2747fc39-915b-11dc-9239-001c2514716c	xpdf -- multiple remote Stream.CC vulnerabilities Secunia Research reports: Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system. An array indexing error within the "DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc can be exploited to corrupt memory via a specially crafted PDF file. An integer overflow error within the "DCTStream::reset()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file. A boundary error within the "CCITTFaxStream::lookChar()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow by tricking a user into opening a PDF file containing a specially crafted "CCITTFaxDecode" filter. Successful exploitation may allow execution of arbitrary code. Discovery 2007-11-07 Entry 2007-11-12 Modified 2007-11-14 cups-base < 1.3.3_2 gpdf > 0 kdegraphics < 3.5.8_1 koffice < 1.6.3_3,2 poppler < 0.6 xpdf < 3.02_5 26367 CVE-2007-4352 CVE-2007-5392 CVE-2007-5393
0e43a14d-3f3f-11dc-a79a-0016179b2dd5	xpdf -- stack based buffer overflow The KDE Team reports: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that can cause a stack based buffer overflow via a PDF file that exploits an integer overflow in StreamPredictor::StreamPredictor(). Remotely supplied pdf files can be used to disrupt the kpdf viewer on the client machine and possibly execute arbitrary code. Discovery 2007-07-30 Entry 2007-07-31 Modified 2009-04-29 xpdf < 3.02_2 kdegraphics < 3.5.7_1 cups-base < 1.2.11_3 gpdf > 0 pdftohtml < 0.39_3 poppler < 0.5.9_4 25124 CVE-2007-3387 http://www.kde.org/info/security/advisory-20070730-1.txt

VuXML ID

Description

2747fc39-915b-11dc-9239-001c2514716c

xpdf -- multiple remote Stream.CC vulnerabilities

Secunia Research reports:

Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system.

An array indexing error within the "DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc can be exploited to corrupt memory via a specially crafted PDF file.

An integer overflow error within the "DCTStream::reset()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.

A boundary error within the "CCITTFaxStream::lookChar()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow by tricking a user into opening a PDF file containing a specially crafted "CCITTFaxDecode" filter.

Successful exploitation may allow execution of arbitrary code.

Discovery 2007-11-07
Entry 2007-11-12
Modified 2007-11-14
cups-base

< 1.3.3_2

gpdf

> 0

kdegraphics

< 3.5.8_1

koffice

< 1.6.3_3,2

poppler

< 0.6

xpdf

< 3.02_5

26367
CVE-2007-4352
CVE-2007-5392
CVE-2007-5393

0e43a14d-3f3f-11dc-a79a-0016179b2dd5

xpdf -- stack based buffer overflow

The KDE Team reports:

kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that can cause a stack based buffer overflow via a PDF file that exploits an integer overflow in StreamPredictor::StreamPredictor(). Remotely supplied pdf files can be used to disrupt the kpdf viewer on the client machine and possibly execute arbitrary code.

Discovery 2007-07-30
Entry 2007-07-31
Modified 2009-04-29
xpdf

< 3.02_2

kdegraphics

< 3.5.7_1

cups-base

< 1.2.11_3

gpdf

> 0

pdftohtml

< 0.39_3

poppler

< 0.5.9_4

25124
CVE-2007-3387
http://www.kde.org/info/security/advisory-20070730-1.txt