[SECURITY] [DSA 998-1] New libextractor packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 998-1 [email protected] http://www.debian.org/security/ Martin Schulze March 14th, 2006 http://www.debian.org/security/faq -...

DSA-998-1 libextractor - several

Bulletin has no description...

[ GLSA 200601-17 ] Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows

Gentoo Linux Security Advisory GLSA 200601-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

GLSA-200601-17 : Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows

The remote host is affected by the vulnerability described in GLSA-200601-17 Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows Chris Evans has reported some integer overflows in Xpdf when attempting to calculate buffer sizes for memory allocation, leading to a heap overflow and a...

Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows

Background Xpdf is a PDF file viewer that runs under the X Window System. Poppler is a PDF rendering library based on the Xpdf 3.0 code base. GPdf is a PDF file viewer for the GNOME 2 platform, also based on Xpdf. libextractor is a library which includes Xpdf code to extract arbitrary meta-data...

CVE-2005-3628

CVE-2005-3628 is a buffer overflow in JBIG2Bitmap::JBIG2Bitmap in JBIG2Stream.cc of Xpdf (and derivatives like gpdf, kpdf, pdftohtml, poppler, etc.). The vulnerability could allow attackers to modify memory and potentially execute arbitrary code. OpenVAS/Slackware/Debian OpenVAS entries reference...

CVE-2005-3628

Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors...

SUSE-SA:2006:001: xpdf,kpdf,gpdf,kword

The remote host is missing the patch for the advisory SUSE-SA:2006:001 xpdf,kpdf,gpdf,kword. 'infamous41md', Chris Evans and Dirk Mueller discovered multiple places in xpdf code where integer variables are insufficiently checked for range or overflow. Specially crafted PDF files could lead to...

[SECURITY] [DSA 936-1] New libextractor packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 936-1 [email protected] http://www.debian.org/security/ Martin Schulze January 11th, 2006 http://www.debian.org/security/faq -...

[SECURITY] [DSA 936-1] New libextractor packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 936-1 [email protected] http://www.debian.org/security/ Martin Schulze January 11th, 2006 http://www.debian.org/security/faq -...

DSA-936-1 libextractor - buffer overflows

Bulletin has no description...

CVE-2005-3624

CVE-2005-3624 affects multiple PDF tools (xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The issue is in CCITTFaxDecode handling in Stream.cc, where negative or very large integers can trigger integer overflows/underflows, leading to heap corruption. The documented impact...

CVE-2005-3625

CVE-2005-3625 is confirmed to affect Xpdf and related tools (gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The issue is a denial-of-service in PDF stream handling where streams that end prematurely can cause an infinite loop, demonstrated for the CCITTFaxDecode and DCTDecode s...

CVE-2005-3627

CVE-2005-3627 is a vulnerability in Xpdf (Stream.cc) affecting multiple products using Xpdf code paths (e.g., gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor). The issue arises in DCTDecode stream handling: (1) an unchecked large number of components value in DCTStream::readBaselineSOF/...

CVE-2005-3625

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service infinite loop via streams that end prematurely, as demonstrated using the 1 CCITTFaxDecode and 2 DCTDecode streams, aka "Infinite CPU spins."...

CVE-2005-3627

Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with 1 a large "number of components" value that is not checked by...

CVE-2005-3628

Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors...

CVE-2005-3192

Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as 1 Poppler, 2 teTeX, 3 KDE kpdf, and 4 pdftohtml, 5 KOffice KWord, 6 CUPS, and 7 libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps number o...

CVE-2005-3192

Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as 1 Poppler, 2 teTeX, 3 KDE kpdf, and 4 pdftohtml, 5 KOffice KWord, 6 CUPS, and 7 libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps number o...

DEBIAN-CVE-2005-3193

Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code JPXStream.c for xpdf 3.01 and earlier, as used in products such as 1 Poppler, 2 teTeX, 3 KDE kpdf, 4 CUPS, and 5 libextractor allows user-assisted attackers to cause a denial of service heap...