Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 187310
Alias:
Product:
Component:
Status: RESOLVED
Resolution: DUPLICATE of bug 187139
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Matt Fleming (RETIRED) <mjf@gentoo.org>
Add CC:
CC:
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 187310 depends on: Show dependency tree
Bug 187310 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2007-07-31 23:56 0000 
Integer overflow in the StreamPredictor::StreamPredictor function in gpdf
before 2.8.2, as used in (1) poppler, (2) xpdf, (3) kpdf, (4) kdegraphics, (5)
CUPS, and other products, might allow remote attackers to execute arbitrary
code via a crafted PDF file.

KDE's advisory is here,
http://www.kde.org/info/security/advisory-20070730-1.txt
They claim execution of arbitrary code is possible.

------- Comment #1 From Carsten Lohrke 2007-08-01 13:05:07 0000 ------- 
Bugs exist already. The security team will hopefully make them visible to
everyone, soon.

*** This bug has been marked as a duplicate of bug 187139 ***

------- Comment #2 From Sune Kloppenborg Jeppesen 2007-08-14 10:12:22 0000 ------- 
Just trying to catch up on bugs, but is poppler fixed anywhere?

------- Comment #3 From Carsten Lohrke 2007-08-14 16:05:56 0000 ------- 
(In reply to comment #2)
> Just trying to catch up on bugs, but is poppler fixed anywhere?
> 

Don't think so and according to the CVE cups should be also affected.
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug