FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
f755545e-6fcd-11d9-abec-00061bd2d56fxpdf -- makeFileKey2() buffer overflow vulnerability

An iDEFENSE Security Advisory reports:

Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer included in multiple Unix and Linux distributions could allow for arbitrary code execution as the user viewing a PDF file.

The vulnerability specifically exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. The offending code can be found in the Decrypt::makeFileKey2 function in the source file xpdf/Decrypt.cc.


Discovery 2005-01-06
Entry 2005-01-26
Modified 2005-02-03
xpdf
< 3.00_6

kdegraphics
< 3.3.2_2

gpdf
< 2.8.3

teTeX-base
< 2.0.2_9

cups-base
< 1.1.23.0_3

koffice
< 1.3.5_2,1

pdftohtml
< 0.36_2

CVE-2005-0064
http://marc.theaimsgroup.com/?l=bugtraq&m=110608898221554
http://www.koffice.org/security/advisory-20050120-1.txt