kpdf, the KDE PDF viewer, shares code with xpdf. xpdf contains a vulnerability that can cause a stack-based buffer overflow via a PDF file that exploits an integer overflow in StreamPredictor::StreamPredictor(). We'd like to thank Derek Noonburg for bringing this issue to our attention. Remotely supplied PDF files can be used to disrupt the kpdf viewer on the client machine and possibly execute arbitrary code. The upstream advisory will be out in a couple of hours. I'm taking care of the patches. Is there a restricted bug for xpdf, poppler, etc. yet?
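Added illustration, not code from this thread or from xpdf/kpdf: overflow-checked row-size arithmetic of the kind a PNG/TIFF-style stream predictor must do before allocating its row buffer. The parameter names follow xpdf's StreamPredictor constructor (width, nComps, nBits); the individual checks, the struct and the sample values are this example's own assumptions, not the upstream patch.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Row-buffer sizes a stream predictor derives from the stream's
 * /DecodeParms (Columns, Colors, BitsPerComponent). */
typedef struct {
    int nVals;    /* samples per row: width * nComps */
    int pixBytes; /* bytes per pixel: ceil(nComps * nBits / 8) */
    int rowBytes; /* bytes per row:   ceil(nVals * nBits / 8) + pixBytes */
} predictor_sizes;

/* Overflow-checked version of the arithmetic.  Every multiplication is
 * bounded against INT_MAX before it is performed, so a crafted parameter
 * set cannot wrap the products and make the allocated row buffer smaller
 * than the rows later written into it.  Returns false on any bad input. */
bool predictor_sizes_ok(int width, int nComps, int nBits, predictor_sizes *out)
{
    if (width <= 0 || nComps <= 0) return false;
    /* PDF permits only 1, 2, 4, 8 or 16 bits per component. */
    if (nBits != 1 && nBits != 2 && nBits != 4 && nBits != 8 && nBits != 16)
        return false;
    if (nComps > INT_MAX / nBits) return false;        /* nComps * nBits */
    if (width > INT_MAX / nComps) return false;        /* width * nComps */
    int nVals = width * nComps;
    if (nVals > (INT_MAX - 7) / nBits) return false;   /* nVals * nBits + 7 */
    int pixBytes = (nComps * nBits + 7) >> 3;
    int rowBytes = (nVals * nBits + 7) >> 3;
    if (rowBytes > INT_MAX - pixBytes) return false;   /* rowBytes + pixBytes */
    out->nVals = nVals;
    out->pixBytes = pixBytes;
    out->rowBytes = rowBytes + pixBytes;
    return true;
}

int main(void)
{
    predictor_sizes s;
    /* Constructed sample: an ordinary 1000-column RGB, 8-bit row. */
    if (predictor_sizes_ok(1000, 3, 8, &s))
        printf("rowBytes=%d pixBytes=%d\n", s.rowBytes, s.pixBytes);
    /* Constructed hostile sample: width * nComps would wrap to 0 in 32-bit int. */
    if (!predictor_sizes_ok(1073741824, 4, 8, &s))
        printf("rejected oversized predictor parameters\n");
    return 0;
}
```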
for xpdf, it's bug 185225
So why weren't bugs created for the maintainers of the usual suspects among the packages likely to be affected as well? From looking at the GLSA list, aside from KDE there are gpdf, libextractor, pdftohtml and possibly others to have a look at.
kword-1.6.3-r1 and koffice-1.6.3-r1 can go stable, kpdf-3.5.7-r1 and kdegraphics-3.5.7-r1 will be taken care of with the stabilization of KDE 3.5.7.
Security team, please change visibility, it's public.
*** Bug 187310 has been marked as a duplicate of this bug. ***
Thanks for the info, Carlo. Arches, please test and mark stable:
kword-1.6.3-r1, target "alpha amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd"
koffice-1.6.3-r1, target "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Sparc done for both. koffice-1.6.3-r1 builds and installs as expected; utilities seem to work. kword-1.6.3-r1 (same source) builds as expected and passes with FEATURES=test.
Marked stable for HPPA: app-office/koffice-1.6.3-r1 app-office/kword-1.6.3-r1
ppc64 stable
alpha/ia64/x86 stable
ppc stable
"poppler includes a copy of the xpdf code and required an update as well."
(In reply to comment #12)
> "poppler includes a copy of the xpdf code and required an update as well."

Pointed that out in comment 2 already (well, didn't mention poppler being affected as it is what you'd expect). Can the security team please unrestrict bug 185225 as well!? The xpdf vuln. really isn't news anymore. Also, are there (restricted) bugs for the other packages yet?
amd64 stable
Changing status to [glsa]; security, please do your magic.
GLSA 200710-08, sorry for the delay