SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   Xpdf Vendors:   Glyph and Cog
Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1011865
SecurityTracker URL:  http://securitytracker.com/id/1011865
CVE Reference:   CAN-2004-0888, CAN-2004-0889, CAN-2005-0206   (Links to External Site)
Updated:  Feb 18 2005
Original Entry Date:  Oct 21 2004
Impact:   Execution of arbitrary code via network, User access via network

Version(s): 3.00
Description:   Some integer overflows were reported in Xpdf. A remote user may be able to execute arbitrary code on a target user's system.

Several vendors reported that there are integer overflows in Xpdf. A remote user can create a specially crafted PDF file that, when viewed by the target user, may execute arbitrary code.

The flaws reside in 'pdftops/Catalog.cc' and 'pdftops/XRef.cc'. A specially crafted Index color size (indexHigh) or Page size can trigger the overflow.

Chris Evans is credited with discovering these flaws.

CUPS, the Common UNIX Printing System, is also affected because it includes Xpdf.
Impact:   A remote user may be able to execute arbitrary code on a target user's system when the target user loads a malformed PDF file.
Solution:   No upstream solution was available at the time of this entry.

[Editor's note: Several Linux distribution vendors subsequently issued patches for these vulnerabilities. However, the patches for CVE number CAN-2004-0888 as distributed by some vendors did not fully correct the flaws on 64-bit systems. As a result, a new CVE number has been assigned (CAN-2005-0206) to identify the vulnerability due to the incomplete patch.]
Vendor URL:  www.foolabs.com/xpdf/ (Links to External Site)
Cause:   Boundary error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 21 2004 (Gentoo Issues Fix) Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code   (Thierry Carrez <koon@gentoo.org>)
Gentoo has released a fix.
Oct 21 2004 (Gentoo Issues Fix for CUPS) Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code   (Thierry Carrez <koon@gentoo.org>)
Gentoo has released a fix for CUPS, which is affected by the Xpdf vulnerability.
Oct 21 2004 (Debian Issues Fix for CUPS) Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code   (joey@infodrom.org (Martin Schulze))
Debian has released a fix for CUPS.
Oct 21 2004 (Fedora Issues Fix for FC2) Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code   (Than Ngo <than@redhat.com>)
Fedora has released a fix for Fedora Core 2.
Oct 22 2004 (Mandrake Issues Fix) Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix.
Oct 22 2004 (Mandrake Issues Fix for kdegraphics) Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix for kdegraphics, which is affected by this vulnerability.
Oct 22 2004 (Mandrake Issues Fix for CUPS) Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix for CUPS, which is affected by the Xpdf vulnerability.
Oct 22 2004 (Mandrake Issues Fix for gpdf) Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix for gpdf, which is affected by the Xpdf vulnerability.
Oct 22 2004 (KDE Issues Fix for kpdf) Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code
KDE has issued a fix for kpdf (part of the kdegraphics package), which is affected by the Xpdf vulnerability.
Oct 23 2004 (Red Hat Issues Fix for CUPS) Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code   (bugzilla@redhat.com)
Red Hat has released a fix for CUPS on Red Hat Linux 3.
Oct 27 2004 (KDE Issues Fix for KOffice) Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code
KDE has issued a fix for KOffice, which is affected by the PDF integer overflow vulnerability.
Oct 27 2004 (Red Hat Issues Fix) Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux 2.1 and 3.
Oct 28 2004 (Gentoo Issues Fix for KOffice) Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code   (Thierry Carrez <koon@gentoo.org>)
Gentoo has released a fix for KOffice.
Oct 28 2004 (Gentoo Issues Fix for KDE) Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code   (Thierry Carrez <koon@gentoo.org>)
Gentoo has issued a fix for KDE (kdegraphics).
Oct 28 2004 (Gentoo Issues Fix for GPdf) Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code   (Thierry Carrez <koon@gentoo.org>)
Gentoo has released a fix for GPdf.
Oct 29 2004 (Fedroa Issues Fix for KDE on FC2) Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code   (Than Ngo <than@redhat.com>)
Fedora has released a fix for kdegraphics on Fedora Core 2.
Nov 3 2004 (Debian Issues Fix) Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code   (joey@infodrom.org (Martin Schulze))
Debian has released a fix.
Nov 8 2004 (Conectiva Issues Fix) Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code   (Conectiva Updates <secure@conectiva.com.br>)
Conectiva has released a fix.
Nov 23 2004 (Gentoo Issues Fix for pdftohtml) Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code   (Thierry Carrez <koon@gentoo.org>)
Gentoo has released a fix for pdftohtml.
Nov 25 2004 (Debian Issues Fix for tetex) Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code   (joey@infodrom.org (Martin Schulze))
Debian has released a fix for tetex-bin to correct the Xpdf vulnerability.
Dec 31 2004 (Mandrake Issues Fix for tetex) Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix for tetex.
Dec 31 2004 (Mandrake Issues Fix for KOffice) Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix for KOffice.
Mar 4 2005 (Red Hat Issues Fix) Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code   (bugzilla@redhat.com)
Red Hat has released a fix.


 Source Message Contents
Date:  Thu, 21 Oct 2004 13:00:20 -0400
Subject:  [none]


Several vendors reported that there are integer overflows in Xpdf.  A remote user can
create a specially crafted PDF file that, when viewed by the target user, may 
execute arbitrary code.

Chris Evans is credited with discovering these flaws.

CVE: CAN-2004-0888, CAN-2004-0889

CUPS, the Common UNIX Printing System, is also affected.

The flaws reside in 'pdftops/Catalog.cxx' and 'pdftops/XRef.cxx'.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC