authorMartin Wilke <miwi@FreeBSD.org>2007-07-31 11:30:03 +0000
committerMartin Wilke <miwi@FreeBSD.org>2007-07-31 11:30:03 +0000
commit46aa01e61cbc0979c7906ed4a088eab1fbce858f (patch)
tree66125b5ff4c9d9f6540a1fe2714a3686902d81cf /security
parentUpdate to 6.1.5 (diff)
Document xpdf -- stack based buffer overflow
Reviewed by: simon/remko
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml55
1 files changed, 55 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 34725ce7d48d..3741303f4f71 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,61 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="0e43a14d-3f3f-11dc-a79a-0016179b2dd5">
+ <topic>xpdf -- stack based buffer overflow</topic>
+ <affects>
+ <package>
+ <name>xpdf</name>
+ <name>zh-xpdf</name>
+ <name>ja-xpdf</name>
+ <name>ko-xpdf</name>
+ <range><lt>3.02_2</lt></range>
+ </package>
+ <package>
+ <name>kdegraphics</name>
+ <range><lt>3.5.7_1</lt></range>
+ </package>
+ <package>
+ <name>cups-base</name>
+ <range><gt>0</gt></range>
+ </package>
+ <package>
+ <name>gpdf</name>
+ <range><gt>0</gt></range>
+ </package>
+ <package>
+ <name>evince</name>
+ <range><gt>0</gt></range>
+ </package>
+ <package>
+ <name>pdftohtml</name>
+ <range><gt>0</gt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The KDE Team reports:</p>
+ <blockquote cite="http://www.kde.org/info/security/advisory-20070730-1.txt">
+ <p>kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
+ a vulnerability that can cause a stack based buffer overflow
+ via a PDF file that exploits an integer overflow in
+ StreamPredictor::StreamPredictor(). Remotely supplied
+ pdf files can be used to disrupt the kpdf viewer on
+ the client machine and possibly execute arbitrary code.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>25124</bid>
+ <cvename>CVE-2007-3387</cvename>
+ <url>http://www.kde.org/info/security/advisory-20070730-1.txt</url>
+ </references>
+ <dates>
+ <discovery>2007-07-30</discovery>
+ <entry>2007-07-31</entry>
+ </dates>
+ </vuln>
+
<vuln vid="ff284bf0-3f32-11dc-a79a-0016179b2dd5">
<topic>tcpdump -- remote integer underflow vulnerability</topic>
<affects>