Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   teTeX Vendors:   Esser, Thomas
(Fedora Issues Fix) Xpdf Buffer Overflow in doImage() Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1012759
SecurityTracker URL:
CVE Reference:   CVE-2004-1125   (Links to External Site)
Updated:  Jan 4 2005
Original Entry Date:  Jan 3 2005
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   iDEFENSE reported a buffer overflow vulnerability in Xpdf. A remote user can cause arbitrary code to be executed on the target user's system. TeTex is affected.

It is reported that a remote user can create a specially crafted PDF file that, when viewed by the target user, will trigger an overflow and execute arbitrary code with the privileges of the target user.

The flaw resides in the Gfx::doImage() function in 'xpdf/', where the maskColors array can be overflowed.

The vendor was notified on November 23, 2004.

The original advisory is available at:

Impact:   A remote user can create a specially crafted PDF file that, when viewed by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
Solution:   Fedora has released a fix, available at:

193a09ec8b28cf3f81062f48d67f9b2e SRPMS/tetex-2.0.2-14FC2.1.src.rpm
d039a779706b57ad73dba2c813d8dd4e x86_64/tetex-2.0.2-14FC2.1.x86_64.rpm
7afcd9f4ba512cf39f952f8112fa0c2a x86_64/tetex-latex-2.0.2-14FC2.1.x86_64.rpm
0bc4d2c46262e9e889717a38b4e8c13c x86_64/tetex-xdvi-2.0.2-14FC2.1.x86_64.rpm
db6ebdb90075b40931c8777ffe7ce72c x86_64/tetex-dvips-2.0.2-14FC2.1.x86_64.rpm
0795d1a2e9f3ede2a11dada3a28af407 x86_64/tetex-afm-2.0.2-14FC2.1.x86_64.rpm
919f9b7344bf48ba44d824c205772ddc x86_64/tetex-fonts-2.0.2-14FC2.1.x86_64.rpm
1a54d5e72a52af60052dfe872d0eff0a x86_64/tetex-doc-2.0.2-14FC2.1.x86_64.rpm
23825bd0d6c799e7cb8ffb9fe5092d2c x86_64/debug/tetex-debuginfo-2.0.2-14FC2.1.x86_64.rpm
f545239d29f60d03a9e1daa11519d9aa i386/tetex-2.0.2-14FC2.1.i386.rpm
28fee73888fd854924e044268bdac231 i386/tetex-latex-2.0.2-14FC2.1.i386.rpm
b091aa0952f558ed05086c792b48ed78 i386/tetex-xdvi-2.0.2-14FC2.1.i386.rpm
29ce8cdf24b0d5d8103eb2f740fc0745 i386/tetex-dvips-2.0.2-14FC2.1.i386.rpm
003ca90ef61a66db88c8298e218dac2a i386/tetex-afm-2.0.2-14FC2.1.i386.rpm
4605f9781f926f36954765012f84a9db i386/tetex-fonts-2.0.2-14FC2.1.i386.rpm
5183b48d4df32a1884667fc2a9a53702 i386/tetex-doc-2.0.2-14FC2.1.i386.rpm
ba9ed7453ce906599fa71eaada0c38a4 i386/debug/tetex-debuginfo-2.0.2-14FC2.1.i386.rpm

Vendor URL: (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Red Hat Fedora)
Underlying OS Comments:  FC2

Message History:   This archive entry is a follow-up to the message listed below.
Dec 21 2004 Xpdf Buffer Overflow in doImage() Lets Remote Users Execute Arbitrary Code

 Source Message Contents

Subject:  [SECURITY] Fedora Core 2 Update: tetex-2.0.2-14FC2.1

Fedora Update Notification

Product     : Fedora Core 2
Name        : tetex
Version     : 2.0.2                      
Release     : 14FC2.1                  
Summary     : The TeX text formatting system.
Description :
TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes
a text file and a set of formatting commands as input and creates a
typesetter-independent .dvi (DeVice Independent) file as output.
Usually, TeX is used in conjunction with a higher level formatting
package like LaTeX or PlainTeX, since TeX by itself is not very

Install tetex if you want to use the TeX text formatting system. If
you are installing tetex, you will also need to install tetex-afm (a
PostScript(TM) font converter for TeX),
tetex-dvips (for converting .dvi files to PostScript format
for printing on PostScript printers), tetex-latex (a higher level
formatting package which provides an easier-to-use interface for TeX),
and tetex-xdvi (for previewing .dvi files in X). Unless you are an
expert at using TeX, you should also install the tetex-doc package,
which includes the documentation for TeX.

Update Information:

The updated tetex package fixes a buffer overflow which allows attackers
to cause the internal xpdf library used by applications in tetex to
and possibly to execute arbitrary code.  The Common Vulnerabilities and
Exposures projects ( has assigned the name CAN-2004-1125 
to this issue.

This update can be downloaded from:

193a09ec8b28cf3f81062f48d67f9b2e  SRPMS/tetex-2.0.2-14FC2.1.src.rpm
d039a779706b57ad73dba2c813d8dd4e  x86_64/tetex-2.0.2-14FC2.1.x86_64.rpm
7afcd9f4ba512cf39f952f8112fa0c2a  x86_64/tetex-
0bc4d2c46262e9e889717a38b4e8c13c  x86_64/tetex-
db6ebdb90075b40931c8777ffe7ce72c  x86_64/tetex-
0795d1a2e9f3ede2a11dada3a28af407  x86_64/tetex-
919f9b7344bf48ba44d824c205772ddc  x86_64/tetex-
1a54d5e72a52af60052dfe872d0eff0a  x86_64/tetex-
23825bd0d6c799e7cb8ffb9fe5092d2c  x86_64/debug/tetex-
f545239d29f60d03a9e1daa11519d9aa  i386/tetex-2.0.2-14FC2.1.i386.rpm
28fee73888fd854924e044268bdac231  i386/tetex-
b091aa0952f558ed05086c792b48ed78  i386/tetex-xdvi-2.0.2-14FC2.1.i386.rpm
29ce8cdf24b0d5d8103eb2f740fc0745  i386/tetex-
003ca90ef61a66db88c8298e218dac2a  i386/tetex-afm-2.0.2-14FC2.1.i386.rpm
4605f9781f926f36954765012f84a9db  i386/tetex-
5183b48d4df32a1884667fc2a9a53702  i386/tetex-doc-2.0.2-14FC2.1.i386.rpm
ba9ed7453ce906599fa71eaada0c38a4  i386/debug/tetex-

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  

fedora-announce-list mailing list


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC