
Bug 120451

Summary: app-text/xpdf possible second round this year (CVE-2006-0301) (Vendor-sec)
Product: Gentoo Security
Component: Vulnerabilities
Reporter: Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE
Severity: normal
CC: dang, genstef, metalgod
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B2 [] jaervosz
Package list:
Runtime testing required: ---
Attachments: xpdf-splash-overflow.diff (flags: none)

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-01-26 11:45:37 UTC
Reported on V-S by Dirk Mueller from KDE

[shortening CC]

> I'm attaching a patch file which I believe covers all of the issues
> that have been raised with Xpdf.

I don't think it fixes the problem with invalid coordinates in splash 
handling, for which I attach my patch. 

example exploit:  http://www.marantz.com/pdfs/g_sr7500_man.pdf
(page 12 produces a heap buffer overflow).
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-01-26 11:48:13 UTC
Created attachment 78206
xpdf-splash-overflow.diff
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-01-26 11:50:31 UTC
Printing, please advise which packages this affects.

I propose to hold off patching until we have an official upstream fix.
Comment 3 Stefan Schweizer (RETIRED) gentoo-dev 2006-01-26 12:14:56 UTC
My kpdf crashes on that page, too. Seems poppler is affected.
Comment 4 Daniel Gryniewicz (RETIRED) gentoo-dev 2006-01-27 12:21:36 UTC
All of evince/poppler 0.5.0, gpdf-2.10.0-r2, and xpdf-3.01-r6 display that entire file fine for me.
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-01-27 13:17:09 UTC
kpdf crashes here as well.
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-01-31 02:39:12 UTC
Handling this on public bug #120985

*** This bug has been marked as a duplicate of 120985 ***