Bug 203287 (CVE-2007-6561) - media-libs/pdflib <7.0.2_p8 "pdc_fsearch_fopen()" Buffer Overflow Vulnerability (CVE-2007-6561)
Summary: media-libs/pdflib <7.0.2_p8 "pdc_fsearch_fopen()" Buffer Overflow Vulnerabili...
Alias: CVE-2007-6561
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Depends on:
Reported: 2007-12-25 11:16 UTC by Lars Hartmann
Modified: 2020-04-04 10:13 UTC

See Also:
Package list:
Runtime testing required: ---


Description Lars Hartmann 2007-12-25 11:16:20 UTC
poplix has discovered a vulnerability in PDFlib, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

The vulnerability is caused due to a boundary error within the "pdc_fsearch_fopen()" function. This can be exploited to cause a stack-based buffer overflow via e.g. a call to "PDF_load_image()" with an overly long filename parameter.

NOTE: Other functions are also reportedly affected by similar boundary errors.

The vulnerability is confirmed in version 7.0.2 for Linux on IA-32. Other versions may also be affected.

Reproducible: Always
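The report above describes a fixed-size path buffer in a search-path file opener being overrun by an overly long filename. The following is an added illustration, not PDFlib's code and not the actual pdc_fsearch_fopen(): a hypothetical opener of the same shape, written so that a name that does not fit is rejected before anything is written past the buffer. The names build_search_path, search_fopen and PATH_MAX_LEN are invented here.

```c
/* Added illustration (not PDFlib's code): a hypothetical search-path file
 * opener in the style of pdc_fsearch_fopen(), written so that an overly long
 * filename cannot overflow the fixed-size path buffer it builds on the stack.
 * build_search_path, search_fopen and PATH_MAX_LEN are invented names. */
#include <stdio.h>
#include <string.h>
#include <errno.h>

#define PATH_MAX_LEN 256   /* assumed fixed buffer size for the joined path */

/* Join dir + "/" + name into out[outlen]. Returns 0 on success, -1 if the
 * result (including the terminating NUL) would not fit. Never writes more
 * than outlen bytes, whatever the length of name. */
int build_search_path(const char *dir, const char *name, char *out, size_t outlen)
{
    /* snprintf reports the length the full string *would* have had, so an
     * oversized name is detected and refused rather than silently truncated
     * or, as in an unbounded strcpy/strcat, written past the buffer. */
    int needed = snprintf(out, outlen, "%s/%s", dir, name);
    if (needed < 0 || (size_t)needed >= outlen) {
        if (outlen) out[0] = '\0';   /* leave no partial path behind */
        return -1;
    }
    return 0;
}

/* Try each search directory in turn and return the first file that opens.
 * A name that does not fit the buffer is an error (ENAMETOOLONG), not a
 * partial write; a name found in no directory yields ENOENT. */
FILE *search_fopen(const char *const *dirs, size_t ndirs, const char *name, const char *mode)
{
    char path[PATH_MAX_LEN];  /* the fixed-size stack buffer being protected */
    for (size_t i = 0; i < ndirs; i++) {
        if (build_search_path(dirs[i], name, path, sizeof path) != 0) {
            errno = ENAMETOOLONG;
            return NULL;
        }
        FILE *fp = fopen(path, mode);
        if (fp)
            return fp;
    }
    errno = ENOENT;
    return NULL;
}
```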
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-12-25 12:00:09 UTC
cc'ing maintainers. According to the advisory, upstream already is working on a patch.

Since the PDFlib version we are shipping is actually the "Lite" variant, we should check if that is also affected.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2007-12-25 12:13:17 UTC
(In reply to comment #1)
> Since the PDFlib version we are shipping, is actually the "Lite" variant, we
> should check if that is also affected.

Confirmed for 7.02
Comment 3 Lars Hartmann 2008-01-04 20:07:05 UTC
Could someone please add CVE-2007-6561 to the topic?
I don't have the needed permissions to do that.
Comment 4 Christian Hoffmann (RETIRED) gentoo-dev 2008-01-04 20:13:45 UTC
Thankies, done. :)
Comment 5 Robert Buchholz (RETIRED) gentoo-dev 2008-01-05 02:23:33 UTC
Upstream expects a release in roughly four weeks.
Comment 6 Robert Buchholz (RETIRED) gentoo-dev 2008-02-28 14:37:51 UTC
New upstream release fixes this. php herd, please bump:
Comment 7 Jakub Moc (RETIRED) gentoo-dev 2008-02-28 14:43:14 UTC
Yeah, I'd love to have this bumped, alas I just wasted two hours of my time with their broken configure scripts.
Comment 8 Jakub Moc (RETIRED) gentoo-dev 2008-02-28 16:10:56 UTC
pdflib-7.0.2_p8 in CVS...

Any attempts to clean up the ebuild failed since:
- ruby support is hard-disabled as the configure magic is heavily broken, and requires a patch even to disable it
- emake install still doesn't work, installs to ${D}/${D}
- even einstall requires manual hacks to not install stuff to broken locations
- no, I don't know what makes it spit out the following warning and I frankly don't care

bzip2: Can't open input file /var/tmp/portage/media-libs/pdflib-7.0.2_p8/image/usr/share/doc/pdflib-7.0.2_p8//pdflib: No such file or directory.

archies, please test and stabilize; tested and working here with USE="cxx -doc -java perl python -tcl" on x86 and amd64, everything else is untested and I hope I won't have to touch the ebuild for quite some time.

@mips - either rekeyword this now or lose pdflib altogether, all the remaining versions will go away ASAP.

Comment 9 Markus Meier gentoo-dev 2008-02-28 20:18:21 UTC
x86 stable
Comment 10 Brent Baude (RETIRED) gentoo-dev 2008-02-29 02:04:55 UTC
ppc64 stable
Comment 11 Jeroen Roovers (RETIRED) gentoo-dev 2008-02-29 05:36:36 UTC
Stable for HPPA.
Comment 12 Raúl Porcel (RETIRED) gentoo-dev 2008-02-29 15:42:11 UTC
alpha/ia64/sparc stable
Comment 13 Thomas Anderson (tanderson) (RETIRED) gentoo-dev 2008-03-03 22:38:42 UTC

1. Compiles.
2. Installs.
3. Merges.
4. Works.
4.1 Tested built-in pdfimage tool for viewing PDFs
4.2 Tested xml2doc pdf output using all examples provided.
4.3 Tested grace pdf support.

Portage (default-linux/amd64/2007.0/desktop, gcc-4.1.2, glibc-2.6.1-r0, 2.6.23-gentoo-r9 x86_64)
System uname: 2.6.23-gentoo-r9 x86_64 AMD Athlon(tm) 64 Processor 3400+
Timestamp of tree: Mon, 03 Mar 2008 01:47:01 +0000

Comment 14 Christoph Mende (RETIRED) gentoo-dev 2008-03-03 23:22:57 UTC
amd64 stable
Comment 15 Tobias Scherbaum (RETIRED) gentoo-dev 2008-03-04 20:53:31 UTC
ppc stable
Comment 16 Robert Buchholz (RETIRED) gentoo-dev 2008-03-08 16:26:58 UTC
request filed
Comment 17 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-03-10 21:38:43 UTC
GLSA 200803-17
Comment 18 Robert Buchholz (RETIRED) gentoo-dev 2009-05-28 16:07:43 UTC
mips: please rekeyword =media-libs/pdflib-7.0.2_p8
Comment 19 Stefan Behte (RETIRED) gentoo-dev Security 2010-03-06 16:30:44 UTC
Hey mips, anyone alive there? :)
Comment 20 Jaak Ristioja 2010-07-26 12:36:25 UTC
There is no <media-libs/pdflib-7.0.2_p8 in portage any more.
Comment 21 Stefan Behte (RETIRED) gentoo-dev Security 2010-07-26 19:40:09 UTC
mips is not relevant for security anymore, closing GLSA.