Some integer overflows were reported in Xpdf. A remote user may be able to execute arbitrary code on a target user's system.
Several vendors reported that there are integer overflows in Xpdf. A remote user can create a specially crafted PDF file that, when viewed by the target user, may execute arbitrary code.
The flaws reside in 'pdftops/Catalog.cc' and 'pdftops/XRef.cc'. A specially crafted Index color size (indexHigh) or Page size can trigger the overflow.
Chris Evans is credited with discovering these flaws.
CUPS, the Common UNIX Printing System, is also affected because it includes Xpdf.
A remote user may be able to execute arbitrary code on a target user's system when the target user loads a malformed PDF file.
No upstream solution was available at the time of this entry.
[Editor's note: Several Linux distribution vendors subsequently issued patches for these vulnerabilities. However, the patches for CVE number CVE-2004-0888 as distributed by some vendors did not fully correct the flaws on 64-bit systems. As a result, a new CVE number has been assigned (CVE-2005-0206) to identify the vulnerability due to the incomplete patch.]