SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   teTeX Vendors:   Esser, Thomas
(Debian Issues Fix for tetex) Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1012326
SecurityTracker URL:  http://securitytracker.com/id/1012326
CVE Reference:   CVE-2004-0888, CVE-2004-0889, CVE-2005-0206   (Links to External Site)
Date:  Nov 25 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.00
Description:   Some integer overflows were reported in Xpdf. A remote user may be able to execute arbitrary code on a target user's system. Tetex-bin is affected.

Several vendors reported that there are integer overflows in Xpdf. A remote user can create a specially crafted PDF file that, when viewed by the target user, may execute arbitrary code.

The flaws reside in 'pdftops/Catalog.cc' and 'pdftops/XRef.cc'. A specially crafted Index color size (indexHigh) or Page size can trigger the overflow.

Chris Evans is credited with discovering these flaws.

CUPS, the Common UNIX Printing System, is also affected because it includes Xpdf.

Impact:   A remote user may be able to execute arbitrary code on a target user's system when the target user loads a malformed PDF file.
Solution:   Debian has released a fix for tetex, which is affected by this vulnerability.

Debian GNU/Linux 3.0 alias woody:

Source archives:

http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3.dsc
Size/MD5 checksum: 874 0774ffbc5e428a21939d7d10070ef12b
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3.tar.gz
Size/MD5 checksum: 10329770 9ffa7015b10981c3524e8d6147f2c077

Alpha architecture:

http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_alpha.deb
Size/MD5 checksum: 84664 7b82ef947ccbd60c57e31fa1cdbceeae
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_alpha.deb
Size/MD5 checksum: 53042 e14d212ec7d9a21859b443ea11210d12
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_alpha.deb
Size/MD5 checksum: 4568870 d8a00aedde830f02a46f70ae97bcdfbc

ARM architecture:

http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_arm.deb
Size/MD5 checksum: 65256 c7fb486f0e58d6f90a080313ade6d980
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_arm.deb
Size/MD5 checksum: 43610 acf504677a35232f075cb6368cb73c4f
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_arm.deb
Size/MD5 checksum: 3703874 25b4e1d62d2b010382bb74e610f7de32

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_i386.deb
Size/MD5 checksum: 62598 6c11adfac9cbe8007aa89fa91bef57da
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_i386.deb
Size/MD5 checksum: 40742 afda3a9de40083b9fb4a9d92a57749f3
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_i386.deb
Size/MD5 checksum: 3137234 898331b25326db5114be3fde93b191d1

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_ia64.deb
Size/MD5 checksum: 89716 c18229e93ad1bcd55a4baf9236798545
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_ia64.deb
Size/MD5 checksum: 63354 67c881d278113cd980dcfba6b52b2b1a
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_ia64.deb
Size/MD5 checksum: 5598790 7e42e2710c659668fd6cb49ee73d333d

HP Precision architecture:

http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_hppa.deb
Size/MD5 checksum: 79336 56b55b712e71ff618a1f861fe79ec21c
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_hppa.deb
Size/MD5 checksum: 49324 8577bdb403711604e3ff31cef86a9f1a
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_hppa.deb
Size/MD5 checksum: 4106740 0f07a18dd4762a7d4bd5ea0881b8a80e

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_m68k.deb
Size/MD5 checksum: 61894 645b35f6e1d139a50f2fbd33be3c985b
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_m68k.deb
Size/MD5 checksum: 41370 7b6ce68854bf90f1914f90d386a83dcf
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_m68k.deb
Size/MD5 checksum: 2923076 de62311a6c75ca949adf65b09c5d0722
Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_mips.deb
Size/MD5 checksum: 75110 725f811a3b30630c84fa63137eca473d
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_mips.deb
Size/MD5 checksum: 42380 a89bb43e57cfb784e5b9193177c7894e
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_mips.deb
Size/MD5 checksum: 3941306 2e93d929facb57b8a3500780c00c2335

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_mipsel.deb
Size/MD5 checksum: 74908 973bf6cec0fd0f972d1e159e1565953c
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_mipsel.deb
Size/MD5 checksum: 42592 360874783cafee5a52b11a9f34cca859
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_mipsel.deb
Size/MD5 checksum: 3899668 a8f1b96d1cd98bbb47ab0a685d719695

PowerPC architecture:

http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_powerpc.deb
Size/MD5 checksum: 73942 631231dd210da928ae371d327d1d9c19
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_powerpc.deb
Size/MD5 checksum: 45282 0452f97d7b0fa7d385c2bbe1f7f9010f
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_powerpc.deb
Size/MD5 checksum: 3587232 c4895e69f2428a9641418ebc751fe7d3

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_s390.deb
Size/MD5 checksum: 64264 a1d4534009c6c82335c5231869b921d9
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_s390.deb
Size/MD5 checksum: 43760 ead82804aaee31f3ba40d98d6d11ed7b
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_s390.deb
Size/MD5 checksum: 3441172 8ca00fddab7f9c3c612e6ac3db9889a4

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_sparc.deb
Size/MD5 checksum: 70710 d0e1d6a50ca4dfbe852445d6b49b1a40
http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_sparc.deb
Size/MD5 checksum: 48748 907d98a1136cfd90f0678497728885d0
http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_sparc.deb
Size/MD5 checksum: 3598666 0deea34aef2ec55cb04eb8f93204d2f2

Vendor URL:  www.tug.org/teTeX/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Debian)
Underlying OS Comments:  3.0

Message History:   This archive entry is a follow-up to the message listed below.
Oct 21 2004 Xpdf Integer Overflows in indexHigh and pageSize May Let Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  [SECURITY] [DSA 599-1] New tetex-bin packages fix arbitrary code execution


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 599-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
November 25th, 2004                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : tetex-bin
Vulnerability  : integer overflows
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0888
Debian Bug     : 278298

Chris Evans discovered several integer overflows in xpdf, that are
also present in tetex-bin, binary files for the teTeX distribution,
which can be exploited remotely by a specially crafted PDF document
and lead to the execution of arbitrary code.

For the stable distribution (woody) these problems have been fixed in
version 20011202-7.3.

For the unstable distribution (sid) these problems have been fixed in
version 2.0.2-23.

We recommend that you upgrade your tetex-bin packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3.dsc
      Size/MD5 checksum:      874 0774ffbc5e428a21939d7d10070ef12b
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3.tar.gz
      Size/MD5 checksum: 10329770 9ffa7015b10981c3524e8d6147f2c077

  Alpha architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_alpha.deb
      Size/MD5 checksum:    84664 7b82ef947ccbd60c57e31fa1cdbceeae
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_alpha.deb
      Size/MD5 checksum:    53042 e14d212ec7d9a21859b443ea11210d12
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_alpha.deb
      Size/MD5 checksum:  4568870 d8a00aedde830f02a46f70ae97bcdfbc

  ARM architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_arm.deb
      Size/MD5 checksum:    65256 c7fb486f0e58d6f90a080313ade6d980
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_arm.deb
      Size/MD5 checksum:    43610 acf504677a35232f075cb6368cb73c4f
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_arm.deb
      Size/MD5 checksum:  3703874 25b4e1d62d2b010382bb74e610f7de32

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_i386.deb
      Size/MD5 checksum:    62598 6c11adfac9cbe8007aa89fa91bef57da
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_i386.deb
      Size/MD5 checksum:    40742 afda3a9de40083b9fb4a9d92a57749f3
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_i386.deb
      Size/MD5 checksum:  3137234 898331b25326db5114be3fde93b191d1

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_ia64.deb
      Size/MD5 checksum:    89716 c18229e93ad1bcd55a4baf9236798545
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_ia64.deb
      Size/MD5 checksum:    63354 67c881d278113cd980dcfba6b52b2b1a
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_ia64.deb
      Size/MD5 checksum:  5598790 7e42e2710c659668fd6cb49ee73d333d

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_hppa.deb
      Size/MD5 checksum:    79336 56b55b712e71ff618a1f861fe79ec21c
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_hppa.deb
      Size/MD5 checksum:    49324 8577bdb403711604e3ff31cef86a9f1a
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_hppa.deb
      Size/MD5 checksum:  4106740 0f07a18dd4762a7d4bd5ea0881b8a80e

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_m68k.deb
      Size/MD5 checksum:    61894 645b35f6e1d139a50f2fbd33be3c985b
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_m68k.deb
      Size/MD5 checksum:    41370 7b6ce68854bf90f1914f90d386a83dcf
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_m68k.deb
      Size/MD5 checksum:  2923076 de62311a6c75ca949adf65b09c5d0722
  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_mips.deb
      Size/MD5 checksum:    75110 725f811a3b30630c84fa63137eca473d
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_mips.deb
      Size/MD5 checksum:    42380 a89bb43e57cfb784e5b9193177c7894e
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_mips.deb
      Size/MD5 checksum:  3941306 2e93d929facb57b8a3500780c00c2335

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_mipsel.deb
      Size/MD5 checksum:    74908 973bf6cec0fd0f972d1e159e1565953c
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_mipsel.deb
      Size/MD5 checksum:    42592 360874783cafee5a52b11a9f34cca859
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_mipsel.deb
      Size/MD5 checksum:  3899668 a8f1b96d1cd98bbb47ab0a685d719695

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_powerpc.deb
      Size/MD5 checksum:    73942 631231dd210da928ae371d327d1d9c19
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_powerpc.deb
      Size/MD5 checksum:    45282 0452f97d7b0fa7d385c2bbe1f7f9010f
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_powerpc.deb
      Size/MD5 checksum:  3587232 c4895e69f2428a9641418ebc751fe7d3

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_s390.deb
      Size/MD5 checksum:    64264 a1d4534009c6c82335c5231869b921d9
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_s390.deb
      Size/MD5 checksum:    43760 ead82804aaee31f3ba40d98d6d11ed7b
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_s390.deb
      Size/MD5 checksum:  3441172 8ca00fddab7f9c3c612e6ac3db9889a4

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea-dev_1.0.7+20011202-7.3_sparc.deb
      Size/MD5 checksum:    70710 d0e1d6a50ca4dfbe852445d6b49b1a40
    http://security.debian.org/pool/updates/main/t/tetex-bin/libkpathsea3_1.0.7+20011202-7.3_sparc.deb
      Size/MD5 checksum:    48748 907d98a1136cfd90f0678497728885d0
    http://security.debian.org/pool/updates/main/t/tetex-bin/tetex-bin_1.0.7+20011202-7.3_sparc.deb
      Size/MD5 checksum:  3598666 0deea34aef2ec55cb04eb8f93204d2f2


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBpfC4W5ql+IAeqTIRAkfJAJ0WxP0zV5CTgCOBQFLHRwiLsRUCvwCgkTQt
AYT6xca57KtGVtMIKxy6HXk=
=M2UP
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC