SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Xpdf Vendors:   Glyph and Cog
(Fedora Issues Fix for FC2) Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1011879
SecurityTracker URL:  http://securitytracker.com/id/1011879
CVE Reference:   CVE-2004-0888, CVE-2004-0889, CVE-2005-0206   (Links to External Site)
Date:  Oct 21 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.00
Description:   Some integer overflows were reported in Xpdf. A remote user may be able to execute arbitrary code on a target user's system.

Several vendors reported that there are integer overflows in Xpdf. A remote user can create a specially crafted PDF file that, when viewed by the target user, may execute arbitrary code.

The flaws reside in 'pdftops/Catalog.cc' and 'pdftops/XRef.cc'. A specially crafted Index color size (indexHigh) or Page size can trigger the overflow.

Chris Evans is credited with discovering these flaws.

CUPS, the Common UNIX Printing System, is also affected because it includes Xpdf.

Impact:   A remote user may be able to execute arbitrary code on a target user's system when the target user loads a malformed PDF file.
Solution:   Fedora has released a fix, available at:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

9a247439c975578530b1e63252f37719 SRPMS/xpdf-3.00-3.4.src.rpm
c7a133d156e4afb06eed8e659b5f7b41 x86_64/xpdf-3.00-3.4.x86_64.rpm
0285341acf5a3492e5ecb22d1b8f66eb
x86_64/debug/xpdf-debuginfo-3.00-3.4.x86_64.rpm
4d69d5e3c58b4bc36cd02f0c5690322c i386/xpdf-3.00-3.4.i386.rpm
9a0206612ba4945ae35bd40b8bd3eecf
i386/debug/xpdf-debuginfo-3.00-3.4.i386.rpm

Vendor URL:  www.foolabs.com/xpdf/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Red Hat Fedora)
Underlying OS Comments:  FC2

Message History:   This archive entry is a follow-up to the message listed below.
Oct 21 2004 Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  [SECURITY] Fedora Core 2 Update: xpdf-3.00-3.4


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-348
2004-10-21
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : xpdf
Version     : 3.00
Release     : 3.4
Summary     : A PDF file viewer for the X Window System.
Description :
Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files. Xpdf is a small and efficient program which uses
standard X fonts.

---------------------------------------------------------------------
Update Information:

Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files.

During a source code audit, Chris Evans and others discovered a number
of integer overflow bugs that affected all versions of xpdf. An
attacker could construct a carefully crafted PDF file that could cause
xpdf to crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0888 to this issue.

Users of xpdf are advised to upgrade to this errata package, which contains
a backported patch correcting these issues.
---------------------------------------------------------------------
* Thu Oct 21 2004 Than Ngo <than@redhat.com> 1:3.00-3.4

- Apply patch to fix can-2004-0888, can-2004-0889

* Thu Oct 21 2004 Than Ngo <than@redhat.com> 1:3.00-3.3

- Fix xpdf crash #136633

* Tue Oct 12 2004 Than Ngo <than@redhat.com> 1:3.00-3.2

- Apply patch to fix can-2004-0888, can-2004-0889
- Fix xpdf crash when selecting outline without page reference #134993
- Fix locale issue #133911
- Fix default fonts setting

* Mon Jul 26 2004 Than Ngo <than@redhat.com> 1:3.00-3.1

- update t1lib upstream
- add cjk font patch, thanks to Yukihiro Nakai, bug #123540
- fix a bug in font rasterizer, bug #125559
- improve menue entry, bug #125850


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

9a247439c975578530b1e63252f37719  SRPMS/xpdf-3.00-3.4.src.rpm
c7a133d156e4afb06eed8e659b5f7b41  x86_64/xpdf-3.00-3.4.x86_64.rpm
0285341acf5a3492e5ecb22d1b8f66eb  
x86_64/debug/xpdf-debuginfo-3.00-3.4.x86_64.rpm
4d69d5e3c58b4bc36cd02f0c5690322c  i386/xpdf-3.00-3.4.i386.rpm
9a0206612ba4945ae35bd40b8bd3eecf  
i386/debug/xpdf-debuginfo-3.00-3.4.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC