Next Page >>
xpdf
---------------------------------------------------------------------------
* xpdf : multiple vulnerabilities in t1lib *
* allow arbitrary remote code execution *
-
---------------------------------------------------------------------------
- --[ Vulnerability Summary:
Debian Security Advisory DSA-1790-1 security@debian.org
http://www.debian.org/security/ Noah Meyerhans
May 05, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : xpdf
Vulnerability : multiple
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2009-0146 CVE-2009-0147 CVE-2009-0165
CVE-2009-0166 CVE-2009-0799 CVE-2009-0800
Problem Description:
Multiple vulnerabilities has been found and corrected in poppler:
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and earlier allow remote attackers to cause a denial of service
(crash) via a crafted PDF file, related to (1) setBitmap and (2)
readSymbolDictSeg (CVE-2009-0146).
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
_______________________________________________________________________
Problem Description:
Multiple integer overflows in the JBIG2 decoder in
Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and
other products allow remote attackers to cause a denial
of service (crash) via a crafted PDF file, related to (1)
JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)
_______________________________________________________________________
Problem Description:
Multiple integer overflows in the JBIG2 decoder in
Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and
other products allow remote attackers to cause a denial
of service (crash) via a crafted PDF file, related to (1)
JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)
_______________________________________________________________________
Problem Description:
Multiple integer overflows in the JBIG2 decoder in
Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and
other products allow remote attackers to cause a denial
of service (crash) via a crafted PDF file, related to (1)
JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg,
and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147)
Name: Xpdf - Integer overflow which causes heap overflow and NULL pointer derefernce
Author: Adam Zabrocki / HISPASEC (<pi3@itsec.pl> or <adam@hispasec.com>)
Date: July 06, 2009
Issue:
Xpdf allows local and remote attackers to overflow buffer on heap via integer overflow vulnerability.
Xpdf is prone to NULL pointer dereference attack.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Xpdf: Untrusted search path
Date: April 07, 2009
Bugs: #242930
ID: 200904-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Mandriva Linux Security Advisory MDVSA-2009:287
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xpdf
Date : October 22, 2009
Affected: 2009.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Mandriva Linux Security Advisory MDVSA-2009:287-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xpdf
Date : December 4, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
#2009-016 Poppler, Xpdf integer overflows during heap allocation
Description:
Poppler and Xpdf are two popular open source projects for processing PDF
files. Both projects are vulnerable to an integer overflow during heap
memory allocation when processing a PDF file. In general, this results
in unexpected process termination. If an application using this code is
multi-threaded (or uses a crash signal handler), it may be possible to
execute arbitrary code.
======================================================================
Secunia Research 07/11/2007
- Xpdf "Stream.cc" Multiple Vulnerabilities -
======================================================================
Table of Contents
Affected Software....................................................1
Background
==========
Poppler is a cross-platform PDF rendering library originally based on
Xpdf. KOffice is an integrated office suite for KDE. KWord is the
KOffice word processor. KPDF is a KDE-based PDF viewer included in the
kdegraphics package.
Affected packages
=================
Debian Security Advisory DSA-1548-1 security@debian.org
http://www.debian.org/security/ Devin Carraway
April 17, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : xpdf
Vulnerability : multiple
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2008-1693
An integer overflow in the JBIG2 decoding feature allows remote
attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted PDF document (CVE-2009-1188).
Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x
before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers
to execute arbitrary code via a crafted PDF document that triggers a
heap-based buffer overflow. NOTE: some of these details are obtained
from third party information. NOTE: this issue reportedly exists
because of an incomplete fix for CVE-2009-1188 (CVE-2009-3603).
Problem Description:
Multiple vulnerabilities has been discovered and fixed in tetex:
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and earlier allow remote attackers to cause a denial of service
(crash) via a crafted PDF file, related to (1) setBitmap and (2)
readSymbolDictSeg (CVE-2009-0146).
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
Background
==========
Poppler is a cross-platform PDF rendering library originally based on
Xpdf.
Affected packages
=================
-------------------------------------------------------------------
An integer overflow in the JBIG2 decoding feature allows remote
attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted PDF document (CVE-2009-1188).
Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x
before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers
to execute arbitrary code via a crafted PDF document that triggers a
heap-based buffer overflow. NOTE: some of these details are obtained
from third party information. NOTE: this issue reportedly exists
because of an incomplete fix for CVE-2009-1188 (CVE-2009-3603).
======================================================================
Secunia Research 17/04/2009
- Xpdf JBIG2 Symbol Dictionary Buffer Overflow Vulnerability -
======================================================================
Table of Contents
Affected Software....................................................1
Mandriva Linux Security Advisory MDVSA-2010:228
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xpdf
Date : November 12, 2010
Affected: 2009.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Debian Security Advisory DSA-1537-1 security@debian.org
http://www.debian.org/security/ Devin Carraway
April 02, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : xpdf
Vulnerability : multiple
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2007-4352 CVE-2007-5392 CVE-2007-5393
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2007-4352 CVE-2007-5392 CVE-2007-5393
Debian Bug : 450631
Several vulnerabilities have been discovered in xpdf code that is
embedded in koffice, an integrated office suite for KDE. These flaws
could allow an attacker to execute arbitrary code by inducing the user
to import a specially crafted PDF document.
The Common Vulnerabilities and Exposures project identifies the
In general, a standard system update will make all the necessary changes.
Details follow:
Will Dormann, Alin Rad Pop, Braden Thomas, and Drew Yao discovered that the
Xpdf used in KOffice contained multiple security issues in its JBIG2
decoder. If a user or automated system were tricked into opening a crafted
PDF file, an attacker could cause a denial of service or execute arbitrary
code with privileges of the user invoking the program. (CVE-2009-0146,
CVE-2009-0147, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179,
CVE-2009-1180, CVE-2009-1181)
--[ Introduction:
Following 3 paragraphs taken from the vendors' documentation:
Xpdf is an open source viewer for Portable Document Format (PDF)
files. (These are also sometimes also called 'Acrobat' files, from
the name of Adobe's PDF software.) The Xpdf project also includes a
PDF text extractor, PDF-to-PostScript converter, and various other
utilities.
Vulnerability like in topic (connected with vulns in xpdf). More details available here:
======
Last few weeks I was talking(mailing) with Derek (xpdf developer –
btw. really nice guy) about some vulnerabilities in his product. 14th of
October he published path for bugs (not only my vulnerabilites) so i decide
to release advisory…
Oryginal advisory you can find here… I want to write about this
vulnerabilites on blog for several reasons:
Debian Security Advisory DSA-2135-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 21, 2010 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : xpdf
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2010-3702 CVE-2010-3704
Problem Description:
Multiple vulnerabilities has been found and corrected in kdegraphics:
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and earlier allow remote attackers to cause a denial of service
(crash) via a crafted PDF file, related to (1) setBitmap and (2)
readSymbolDictSeg (CVE-2009-0146).
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
Affected: Corporate 4.0
_______________________________________________________________________
Problem Description:
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and earlier, CUPS 1.3.9 and earlier, and other products allow
remote attackers to cause a denial of service (crash) via a
crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2)
JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap
(CVE-2009-0146, CVE-2009-0147).
Mandriva Linux Security Advisory MDKSA-2007:219
http://www.mandriva.com/security/
_______________________________________________________________________
Package : xpdf
Date : November 15, 2007
Affected: 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Debian Security Advisory DSA 1347-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
August 4th, 2007 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : xpdf
Vulnerability : integer overflow
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2007-3387
Next Page>>
|
