Index: vuln.xml =================================================================== RCS file: /home/pcvs/ports/security/vuxml/vuln.xml,v retrieving revision 1.900 diff -u -r1.900 vuln.xml --- vuln.xml 1 Dec 2005 16:08:47 -0000 1.900 +++ vuln.xml 6 Dec 2005 18:15:30 -0000 @@ -34,6 +34,67 @@ --> + + xpdf -- multiple vulnerabilities + + + xpdf + 3.01_1 + + + + +

Secunia reports:

+
+

infamous41md has reported some vulnerabilities in + xpdf, which can be exploited by malicious people to + cause a DoS (Denial of Service) and potentially to + compromise a user's system.

+

1) A boundary error exists in the "DCTStream::readBaselineSOF()" + function in "xpdf/Stream.cc" when copying data from a PDF file + to a heap-based buffer. This can be exploited to cause a + heap-based buffer overflow via a specially crafted PDF file + with an overly large "numComps" value.

+

2) A boundary error exists in the "DCTStream::readProgressiveSOF()" + function in "xpdf/Stream.cc" when copying data from a PDF + file to a heap-based buffer. This can be exploited to cause + a heap-based buffer overflow via a specially crafted PDF + file with an overly large "numComps" value.

+

3) An error exists in the "StreamPredictor::StreamPredictor()" + function in "xpdf/Stream.cc" when using the "numComps" value + to calculate the memory size to be allocated by "gmalloc()". + This can be exploited to cause "gmalloc()" to allocate less + memory than required, which will lead to a heap-based buffer + overflow when data is copied from the PDF file to the allocated + memory.

+

4) An error exists in the "JPXStream::readCodestream()" + function in "xpdf/JPXStream.cc" when using the "nXTiles" + and "nYTiles" values from a PDF file to copy data from the + file into allocated memory. This can be exploited to cause + a heap-based buffer overflow via a specially crafted PDF file + with overly large "nXTiles" and "nYTiles" values.

+

Successful exploitation of the vulnerabilities requires + that the user is e.g. tricked into opening a malicious PDF + file.

+
+ +
+ + CVE-2005-3191 + CVE-2005-3192 + CVE-2005-3193 + http://secunia.com/advisories/17897/ + http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities + http://www.idefense.com/application/poi/display?id=343&type=vulnerabilities + http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities + http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities + + + 2005-12-05 + 2005-12-06 + +
+ drupal -- multiple vulnerabilities
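
Review bot: the affected-package block of the new xpdf entry names only the "xpdf" package (range value 3.01_1), while the quoted advisory places all four flaws in source files, "xpdf/Stream.cc" and "xpdf/JPXStream.cc", that other ports may carry as bundled copies. If any other port in the tree ships those files, this entry will not flag it; please check for such ports and add a package name and version range for each, or note in the entry that they are tracked separately. Also confirm that the "&" in the four idefense reference URLs ("...display?id=342&type=vulnerabilities" and the three after it) is written as "&amp;" in the file, since a bare ampersand would make vuln.xml fail to parse.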