diff options
| author | Cy Schubert <cy@FreeBSD.org> | 2019-10-06 01:48:49 +0000 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2019-10-06 01:48:49 +0000 |
| commit | f83872158cdcee924c00fc0fcc54793a6ad7d184 (patch) | |
| tree | 9bbd8083de6a1dfee22b6633eb502fdbd6605174 /security | |
| parent | d98ef0df5f29c8da3ab7253fc7b86e0fb69a5831 (diff) | |
Document two new Xpdf vulnerabilities: CVE-2019-16927 and CVE-2019-9877.
PR: 241066
Security: https://nvd.nist.gov/vuln/detail/CVE-2019-16927
Security: https://nvd.nist.gov/vuln/detail/CVE-2019-9877
Security: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9877
Security: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16927
Notes
Notes:
svn path=/head/; revision=513861
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index aef73f919691..eb8bde42184a 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,49 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="791e8f79-e7d1-11e9-8b31-206a8a720317"> + <topic>Xpdf -- Multiple Vulnerabilities</topic> + <affects> + <package> + <name>xpdf</name> + <range><lt>4.02</lt></range> + </package> + <package> + <name>xpdf4</name> + <range><lt>4.02</lt></range> + </package> + <package> + <name>xpdf3</name> + <range><lt>3.04_11</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Xpdf 4.02 fixes two vulnerabilities. Both fixes have been + backported to 3.04.</p> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2019-9877"> + <p>An invalid memory access vulnerability in TextPage::findGaps() + in Xpdf 4.01 through a crafted PDF document can cause a + segfault.</p> + </blockquote> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2019-16927"> + <p>An out of bounds write exists in TextPage::findGaps() of + Xpdf 4.01.01 </p> + </blockquote> + </body> + </description> + <references> + <url>https://nvd.nist.gov/vuln/detail/CVE-2019-9877</url> + <url>https://nvd.nist.gov/vuln/detail/CVE-2019-16927</url> + <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9877</url> + <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1692</url> + </references> + <dates> + <discovery>2019-10-01</discovery> + <entry>2019-10-06</entry> + </dates> + </vuln> + <vuln vid="108a4be3-e612-11e9-9963-5f1753e0aca0"> <topic>unbound -- parsing vulnerability</topic> <affects> |