Bug 120451 - app-text/xpdf possible second round this year (CVE-2006-0301) (Vendor-sec)
Summary: app-text/xpdf possible second round this year (CVE-2006-0301) (Vendor-sec)
Status: RESOLVED DUPLICATE of bug 120985
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL:
Whiteboard: B2 [] jaervosz
Keywords:
Depends on:
Blocks:
 
Reported: 2006-01-26 11:45 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2006-01-31 02:39 UTC
CC List: 3 users

See Also:
Package list:
Runtime testing required: ---


Attachments
xpdf-splash-overflow.diff (xpdf-splash-overflow.diff,1.35 KB, patch)
2006-01-26 11:48 UTC, Sune Kloppenborg Jeppesen (RETIRED)
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-01-26 11:45:37 UTC
Reported on V-S by Dirk Mueller from KDE

[shortening CC]

> I'm attaching a patch file which I believe covers all of the issues
> that have been raised with Xpdf.

I don't think it fixes the problem with invalid coordinates in splash 
handling, for which I attach my patch. 

example exploit:  http://www.marantz.com/pdfs/g_sr7500_man.pdf
(page 12 produces a heap buffer overflow).
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-01-26 11:48:13 UTC
Created attachment 78206
xpdf-splash-overflow.diff
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-01-26 11:50:31 UTC
Printing, please advise which packages this affects.

I propose to hold off patching until we have an official upstream fix.
Comment 3 Stefan Schweizer (RETIRED) gentoo-dev 2006-01-26 12:14:56 UTC
My kpdf crashes on that page, too. Seems poppler is affected.
Comment 4 Daniel Gryniewicz (RETIRED) gentoo-dev 2006-01-27 12:21:36 UTC
All of evince/poppler 0.5.0, gpdf-2.10.0-r2, and xpdf-3.01-r6 display that entire file fine for me.
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-01-27 13:17:09 UTC
kpdf crashes here as well.
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-01-31 02:39:12 UTC
Handling this on public bug #120985

*** This bug has been marked as a duplicate of 120985 ***