Category:   Application (Generic)  >   CUPS
Vendors:   Easy Software Products
(Debian Issues Fix for CUPS) Xpdf Buffer Overflow in makeFileKey2() Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1012942
SecurityTracker URL:
CVE Reference:   CVE-2005-0064
Date:  Jan 19 2005
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   iDEFENSE reported a buffer overflow vulnerability in Xpdf. A remote user may be able to execute arbitrary code on the target system. CUPS is affected.

A remote user can create a specially crafted PDF file that triggers a stack overflow in the 'Decrypt::makeFileKey2' function when the /Encrypt /Length tag is processed. Arbitrary code can then be executed with the privileges of the Xpdf process or of the user running Xpdf.

The flaw resides in 'xpdf/'.
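
The kind of check that closes this class of boundary error, as an added example (not Xpdf or CUPS source): the key length read from /Encrypt /Length is validated before it sizes a copy into a fixed stack buffer. The function names, the 16-byte buffer, the 40 to 128 bit range (the range the PDF specification gives for this field) and the constructed dictionary strings are assumptions of the example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEY_BUF_BYTES 16 /* assumption of this example: 128-bit maximum key */
/* Read /Length (bits) from dictionary text; absent means 40, junk is -1. */
int parse_length_bits(const char *dict, long *bits)
{
    const char *p = strstr(dict, "/Length");
    char *end;
    if (p == NULL) { *bits = 40; return 0; }
    p += strlen("/Length");
    errno = 0;
    *bits = strtol(p, &end, 10);
    return (end == p || errno == ERANGE) ? -1 : 0;
}

/* Validate the untrusted bit count, then convert it to a byte count. */
int key_bytes_from_bits(long bits, size_t *n)
{
    if (bits < 40 || bits > 128 || bits % 8 != 0)
        return -1; /* reject the file rather than clamp silently */
    *n = (size_t)bits / 8;
    return 0;
}

/* Returns the key length in bytes, or -1 if the dictionary is rejected. */
int derive_key(const char *dict, const unsigned char *material,
               size_t material_len, unsigned char out[KEY_BUF_BYTES])
{
    unsigned char tmp[KEY_BUF_BYTES];
    long bits;
    size_t n;
    if (parse_length_bits(dict, &bits) != 0) return -1;
    if (key_bytes_from_bits(bits, &n) != 0) return -1;
    if (n > material_len) return -1;
    /* Without the checks above, n is attacker-chosen and overruns tmp. */
    memcpy(tmp, material, n);
    memcpy(out, tmp, n);
    return (int)n;
}

int main(void)
{
    /* Constructed /Encrypt dictionary strings, not taken from a real file. */
    unsigned char digest[16] = {0}, key[KEY_BUF_BYTES];
    printf("%d %d\n", derive_key("<< /V 2 /Length 128 >>", digest, 16, key),
           derive_key("<< /V 2 /Length 4096 >>", digest, 16, key));
    return 0;
}
```
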

The vendor was notified on January 6, 2005.

The original advisory is available at:

Impact:   A remote user can create a PDF file that, when processed by Xpdf, will execute arbitrary code on the target system. The code will run with the privileges of Xpdf.
Solution:   Debian has released a fix for CUPS, which is affected by this Xpdf vulnerability.

Debian GNU/Linux 3.0 alias woody:

Source archives:
Size/MD5 checksum: 712 dba687dbc0a6992b0a3cdd8da496abdf
Size/MD5 checksum: 40770 083cfc2f84280ebaee765ec1ba7a8f29
Size/MD5 checksum: 6150756 0dfa41f29fa73e7744903b2471d2ca2f

For the other fixes, see the Debian advisory:

Vendor URL: (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Debian)
Underlying OS Comments:  3.0

Message History:   This archive entry is a follow-up to the message listed below.
Jan 19 2005 Xpdf Buffer Overflow in makeFileKey2() Lets Remote Users Execute Arbitrary Code

 Source Message Contents

Subject:  [SECURITY] [DSA 645-1] New CUPS packages fix arbitrary code execution

--------------------------------------------------------------------------
Debian Security Advisory DSA 645-1                          Martin Schulze
January 19th, 2005
--------------------------------------------------------------------------

Package        : cupsys
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-0064

iDEFENSE has reported a buffer overflow in xpdf, the portable document
format (PDF) suite.  Similar code is present in the PDF processing
part of CUPS.  A maliciously crafted PDF file could exploit this
problem, resulting in the execution of arbitrary code.

For the stable distribution (woody) this problem has been fixed in
version 1.1.14-5woody12.

In the unstable distribution (sid) CUPSYS does not use its own xpdf
variant anymore but uses xpdf-utils.

We recommend that you upgrade your cups packages.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
--------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>
