diff options
| author | Simon L. B. Nielsen <simon@FreeBSD.org> | 2005-01-26 20:25:46 +0000 |
|---|---|---|
| committer | Simon L. B. Nielsen <simon@FreeBSD.org> | 2005-01-26 20:25:46 +0000 |
| commit | 227998b8976cc66d21ff730fe60cdbc141ec0c67 (patch) | |
| tree | 7e5c7642f44d7f0233e9c9e8f573f3651fc585b1 /security | |
| parent | f42f9e91fd7419b2afb678c1edba9ff1a9e6fd53 (diff) | |
Notes
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 0a0b07b49776..68511446238f 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,66 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="f755545e-6fcd-11d9-abec-00061bd2d56f"> + <topic>xpdf -- makeFileKey2() buffer overflow vulnerability</topic> + <affects> + <package> + <name>xpdf</name> + <range><lt>3.00_6</lt></range> + </package> + <package> + <name>kdegraphics</name> + <range><lt>3.3.2_2</lt></range> + </package> + <package> + <name>gpdf</name> + <range><gt>0</gt></range> + </package> + <package> + <name>teTeX-base</name> + <range><lt>2.0.2_9</lt></range> + </package> + <package> + <name>cups-base</name> + <range><gt>0</gt></range> + </package> + <package> + <name>koffice</name> + <range><lt>1.3.5_2,1</lt></range> + </package> + <package> + <name>pdftohtml</name> + <range><gt>0</gt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>An iDEFENSE Security Advisory reports:</p> + <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&m=110608898221554"> + <p>Remote exploitation of a buffer overflow vulnerability in + the xpdf PDF viewer included in multiple Unix and Linux + distributions could allow for arbitrary code execution as + the user viewing a PDF file.</p> + <p>The vulnerability specifically exists due to insufficient + bounds checking while processing a PDF file that provides + malicious values in the /Encrypt /Length tag. The + offending code can be found in the + <code>Decrypt::makeFileKey2</code> function in the source + file xpdf/Decrypt.cc.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CAN-2005-0064</cvename> + <mlist msgid="FB24803D1DF2A34FA59FC157B77C970503C8B298@idserv04.idef.com">http://marc.theaimsgroup.com/?l=bugtraq&m=110608898221554</mlist> + <url>http://www.koffice.org/security/advisory-20050120-1.txt</url> + </references> + <dates> + <discovery>2005-01-06</discovery> + <entry>2005-01-26</entry> + </dates> + </vuln> + <vuln vid="d371b627-6ed5-11d9-bd18-000a95bc6fae"> <topic>zhcon -- unauthorized file access</topic> <affects> |