Bug 187139 - app-office/{koffice,kword}, kde-base/{kdegraphics,kpdf} - stack based buffer overflow (CVE-2007-3387)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Duplicates: 187310
Reported: 2007-07-30 15:10 UTC by Carsten Lohrke (RETIRED)
Modified: 2007-10-09 22:27 UTC
Runtime testing required: ---
Description Carsten Lohrke (RETIRED) gentoo-dev 2007-07-30 15:10:59 UTC
kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that can cause a stack-based buffer overflow via a PDF file that exploits an integer overflow in StreamPredictor::StreamPredictor(). We'd like to thank Derek Noonburg for bringing this issue to our attention.

Remotely supplied pdf files can be used to disrupt the kpdf viewer on the client machine and possibly execute arbitrary code.

The upstream advisory will be out in a couple of hours. I'm taking care of the patches. Is there a restricted bug for xpdf, poppler, etc. yet?
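The root cause this report names is an integer overflow in the arithmetic that sizes the predictor buffers in StreamPredictor. The C function below is an added example, not xpdf, kpdf or Gentoo code, showing the overflow-checked validation a decoder needs before trusting the predictor parameters a PDF stream supplies in its DecodeParms dictionary; the function name is an assumption.

```c
#include <limits.h>
#include <stdio.h>

/* Added example, not xpdf/kpdf/Gentoo code: validate the predictor
 * parameters from a PDF stream's DecodeParms dictionary (Predictor,
 * Colors, BitsPerComponent, Columns) and compute the byte length of one
 * predictor row without letting the multiplications wrap. The row length
 * derived from these attacker-controlled values is what sizes the predictor
 * buffers in an xpdf-style decoder, so a product that wraps to a small
 * value is the class of bug this report describes.
 * Returns the row length in bytes, or -1 if the parameters are invalid
 * or the arithmetic would overflow int. */
long long predictor_row_bytes(int predictor, int colors, int bpc, int columns)
{
    /* PDF defines Predictor 1 (none), 2 (TIFF) and 10..15 (PNG filters). */
    if (predictor != 1 && predictor != 2 && (predictor < 10 || predictor > 15))
        return -1;
    /* Factors must be positive; BitsPerComponent is limited to 1,2,4,8,16. */
    if (colors <= 0 || columns <= 0)
        return -1;
    if (bpc != 1 && bpc != 2 && bpc != 4 && bpc != 8 && bpc != 16)
        return -1;
    /* Test each product against INT_MAX before computing it (bpc >= 1). */
    if (colors > INT_MAX / bpc)
        return -1;
    int bits_per_pixel = colors * bpc;
    if (columns > INT_MAX / bits_per_pixel)
        return -1;
    /* Now columns * bits_per_pixel <= INT_MAX; widen so the + 7 cannot wrap. */
    long long row_bytes = ((long long)columns * bits_per_pixel + 7) / 8;
    /* PNG predictors prefix every row with one filter-type byte. */
    if (predictor >= 10)
        row_bytes += 1;
    return row_bytes;
}

int main(void)
{
    /* Constructed sample parameters: a sane RGB row, then a hostile one. */
    printf("sane: %lld\n", predictor_row_bytes(12, 3, 8, 100));      /* 301 */
    printf("hostile: %lld\n", predictor_row_bytes(12, 3, 8, INT_MAX)); /* -1 */
    return 0;
}
```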
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-07-30 15:30:15 UTC
For xpdf, it's bug 185225.
Comment 2 Carsten Lohrke (RETIRED) gentoo-dev 2007-07-30 16:08:03 UTC
So why weren't bugs created for the maintainers of the usual suspects of packages to be affected as well? Looking at the GLSA list, aside from KDE there are gpdf, libextractor, pdftohtml and possibly others to have a look at.
Comment 3 Carsten Lohrke (RETIRED) gentoo-dev 2007-07-30 18:04:50 UTC
kword-1.6.3-r1 and koffice-1.6.3-r1 can go stable, kpdf-3.5.7-r1 and kdegraphics-3.5.7-r1 will be taken care of with the stabilization of KDE 3.5.7.
Comment 4 Carsten Lohrke (RETIRED) gentoo-dev 2007-08-01 13:01:54 UTC
Security team, please change visibility, it's public.
Comment 5 Carsten Lohrke (RETIRED) gentoo-dev 2007-08-01 13:05:07 UTC
*** Bug 187310 has been marked as a duplicate of this bug. ***
Comment 6 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-08-01 13:14:38 UTC
Thanks for the info, carlo.
Arches, please test and mark stable:
kword-1.6.3-r1, target "alpha amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd"
koffice-1.6.3-r1, target "alpha amd64 hppa ia64 ppc ppc64 sparc x86"
Comment 7 Ferris McCormick (RETIRED) gentoo-dev 2007-08-01 15:00:17 UTC
Sparc done for both. koffice-1.6.3-r1 builds and installs as expected; utilities seem to work. kword-1.6.3-r1 (same source) builds as expected and passes with FEATURES=test.
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2007-08-01 18:16:25 UTC
Marked stable for HPPA:
Comment 9 Markus Rothe (RETIRED) gentoo-dev 2007-08-01 19:39:41 UTC
ppc64 stable
Comment 10 Raúl Porcel (RETIRED) gentoo-dev 2007-08-01 19:46:54 UTC
alpha/ia64/x86 stable
Comment 11 Tobias Scherbaum (RETIRED) gentoo-dev 2007-08-03 05:45:39 UTC
ppc stable
Comment 12 Robert Buchholz (RETIRED) gentoo-dev 2007-08-04 13:34:59 UTC
"poppler includes a copy of the xpdf code and required an update as well."
Comment 13 Carsten Lohrke (RETIRED) gentoo-dev 2007-08-04 14:47:32 UTC
(In reply to comment #12)
> "poppler includes a copy of the xpdf code and required an update as well."

Pointed that out in comment 2 already (well, didn't mention poppler being affected as it is what you'd expect).

Can the security team please unrestrict bug 185225 as well!? The xpdf vuln. really isn't news anymore. Also, are there (restricted) bugs for the other packages, yet?
Comment 14 Steve Dibb (RETIRED) gentoo-dev 2007-08-12 14:42:45 UTC
amd64 stable
Comment 15 Christian Faulhammer (RETIRED) gentoo-dev 2007-09-08 22:08:44 UTC
Changing status to [glsa], security please do your magic.
Comment 16 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-10-09 22:27:55 UTC
GLSA 200710-08, sorry for the delay