SecurityTracker.com Archives - KDE kpdf/xpdf Integer Overflow in StreamPredictor() Lets Remote Users Execute Arbitrary Code

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker
Archives

Sign Up

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Affiliates

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Partners

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > KDE

Vendors: KDE.org

KDE kpdf/xpdf Integer Overflow in StreamPredictor() Lets Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1018473

SecurityTracker URL: http://securitytracker.com/id?1018473

CVE Reference: CVE-2007-3387 (Links to External Site)

Date: Jul 30 2007

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Advisory: KDE Security Advisory

Version(s): 3.2.0 - 3.5.7

Description: A vulnerability was reported in KDE kpdf (and xpdf). A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger an integer overflow in the StreamPredictor() and execute arbitrary code on the target system. The code will run with the privileges of the target user or application.

The vulnerability resides in code share by xpdf and kpdf.

The vendor credits Derek Noonburg with reporting this vulnerability.

Impact: A remote user can create a PDF file that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution: The vendor has issued the following patches.

Patch for KOffice 1.2.1 and newer is available from
ftp://ftp.kde.org/pub/kde/security_patches :

eb5e65cd5fadab128c1bc5ce2211126b koffice-xpdf-CVE-2007-3387.diff

Patch for KDE 3.3.2 and newer is available from
ftp://ftp.kde.org/pub/kde/security_patches :

d1b3248c6a7843ad3265d25adcf7aa2f post-3.5.7-kdegraphics-CVE-2007-3387.diff

The KDE advisory is available at:

http://www.kde.org/info/security/advisory-20070730-1.txt

Vendor URL: www.kde.org/info/security/advisory-20070730-1.txt (Links to External Site)

Cause: Boundary error

Underlying OS: Linux (Any), UNIX (Any)

Message History: This archive entry has one or more follow-up message(s) listed below.

Jul 30 2007	(Red Hat Issues Fix) KDE kpdf/xpdf Integer Overflow in StreamPredictor() Lets Remote Users Execute Arbitrary Code (bugzilla@redhat.com) Red Hat has released a fix for Red Hat Enterprise Linux 4 and 5.
Jul 30 2007	(Red Hat Issues Fix) KDE kpdf/xpdf Integer Overflow in StreamPredictor() Lets Remote Users Execute Arbitrary Code (bugzilla@redhat.com) Red Hat has released a fix for Red Hat Enterprise Linux 2.1, 3, and 4.
Jul 30 2007	(Red Hat Issues Fix for Poppler) KDE kpdf/xpdf Integer Overflow in StreamPredictor() Lets Remote Users Execute Arbitrary Code (bugzilla@redhat.com) Red Hat has released a fix for poppler on Red Hat Enterprise Linux 5.
Jul 30 2007	(Red Hat Issues Fix for gpdf) KDE kpdf/xpdf Integer Overflow in StreamPredictor() Lets Remote Users Execute Arbitrary Code (bugzilla@redhat.com) Red Hat has released a fix for gpdf on Red Hat Enterprise Linux 4.
Jul 30 2007	(Red Hat Issues Fix for cups) KDE kpdf/xpdf Integer Overflow in StreamPredictor() Lets Remote Users Execute Arbitrary Code (bugzilla@redhat.com) Red Hat has released a fix for cups on Red Hat Enterprise Linux 3, 4, and 5.
Aug 1 2007	(Red Hat Issues Fix for teTex) KDE kpdf/xpdf Integer Overflow in StreamPredictor() Lets Remote Users Execute Arbitrary Code (bugzilla@redhat.com) Red Hat has released a fix for tetex on Red Hat Enterprise Linux 2.1, 3, 4, and 5.

Source Message Contents

Date: Mon, 30 Jul 2007 12:05:02 -0400
Subject: KDE

 
 
KDE Security Advisory: kpdf/kword/xpdf stack based buffer overflow
Original Release Date: 2007-07-30
URL: http://www.kde.org/info/security/advisory-20070730-1.txt
 
0. References
         CVE-2007-3387
 
1. Systems affected:
 
        KDE 3.2.0 up to including KDE 3.5.7.
 
 
2. Overview:
 
        kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
        a vulnerability that can cause a stack based buffer overflow
        via a PDF file that exploits an integer overflow in
        StreamPredictor::StreamPredictor(). We'd like to thank
        Derek Noonburg for bringing this issue to our attention.
 
 
3. Impact:
 
        Remotely supplied pdf files can be used to disrupt the kpdf
        viewer on the client machine and possibly execute arbitrary code.
 
 
4. Solution:
 
        Source code patches have been made available which fix these
        vulnerabilities. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.
 
 
5. Patch:
 
        Patch for KOffice 1.2.1 and newer is available from
        ftp://ftp.kde.org/pub/kde/security_patches :
 
        eb5e65cd5fadab128c1bc5ce2211126b  koffice-xpdf-CVE-2007-3387.diff
 
        Patch for KDE 3.3.2 and newer is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :
 
        d1b3248c6a7843ad3265d25adcf7aa2f  post-3.5.7-kdegraphics-CVE-2007-3387.diff

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2007, SecurityGlobal.net LLC