Slackware 10.2 / current : tetex PDF security (SSA:2006-142-01)

New tetex packages are available for Slackware 10.2 and -current to fix a possible security issue. teTeX-3.0 incorporates some code from the xpdf program which has been shown to have various overflows that could result in program crashes or possibly the execution of arbitrary code as the teTeX...

[slackware-security] tetex PDF security

New tetex packages are available for Slackware 10.2 and -current to fix a possible security issue. teTeX-3.0 incorporates some code from the xpdf program which has been shown to have various overflows that could result in program crashes or possibly the execution of arbitrary code as the teTeX...

CVE-2005-4784

Multiple buffer overflows in the POSIX readdirr function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via 1 a symlink attack that exploits a race condition between opendir and pathcon calls and changes the filesystem to one with...

USN-270-1: xpdf vulnerabilities

Derek Noonburg discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, and tetex-bin. By tricking an user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that...

GLSA-200603-02 : teTeX, pTeX, CSTeX: Multiple overflows in included XPdf code

The remote host is affected by the vulnerability described in GLSA-200603-02 teTeX, pTeX, CSTeX: Multiple overflows in included XPdf code CSTeX, teTex, and pTeX include XPdf code to handle PDF files. This XPdf code is vulnerable to several heap overflows GLSA 200512-08 as well as several buffer a...

RHEL 4 : libpng (RHSA-2006:0205)

The remote Redhat Enterprise Linux 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2006:0205 advisory. The libpng package contains a library of functions for creating and manipulating PNG Portable Network Graphics image format files. A heap based buffe...

tetex security update

CentOS Errata and Security Advisory CESA-2006:0160-01 Updated tetex packages that fix several integer overflows are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX. TeX takes a text file and a se...

CVE-2005-3628

CVE-2005-3628 is a buffer overflow in JBIG2Bitmap::JBIG2Bitmap in JBIG2Stream.cc of Xpdf (and derivatives like gpdf, kpdf, pdftohtml, poppler, etc.). The vulnerability could allow attackers to modify memory and potentially execute arbitrary code. OpenVAS/Slackware/Debian OpenVAS entries reference...

CVE-2005-3628

Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors...

Ubuntu 4.10 / 5.04 / 5.10 : xpdf, poppler, cupsys, tetex-bin vulnerabilities (USN-236-1)

Chris Evans discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, and tetex-bin. By tricking an user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that...

Ubuntu 4.10 / 5.04 / 5.10 : xpdf/cupsys/tetex-bin/kdegraphics/koffice vulnerabilities (USN-227-1)

infamous41md discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, tetex-bin, KOffice, and kpdf. By tricking an user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the...

RHEL 2.1 / 3 / 4 : tetex (RHSA-2006:0160)

Updated tetex packages that fix several integer overflows are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input and creates a...

tetex security update

CentOS Errata and Security Advisory CESA-2006:0160 Updated tetex packages that fix several integer overflows are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX. TeX takes a text file and a set o...

Moderate: Red Hat Security Advisory: tetex security update

Updated tetex packages that fix several integer overflows are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input and creates a...

Fedora Core 3 : tetex-2.0.2-21.7.FC3 (2006-029)

Several flaws were discovered in the way teTeX processes PDF files. An attacker could construct a carefully crafted PDF file that could cause poppler to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3624,...

SUSE-SA:2006:001: xpdf,kpdf,gpdf,kword

The remote host is missing the patch for the advisory SUSE-SA:2006:001 xpdf,kpdf,gpdf,kword. 'infamous41md', Chris Evans and Dirk Mueller discovered multiple places in xpdf code where integer variables are insufficiently checked for range or overflow. Specially crafted PDF files could lead to...

Ubuntu 4.10 : xpdf, tetex-bin vulnerabilities (USN-48-1)

A potential buffer overflow has been found in the xpdf viewer. An insufficient input validation could be exploited by an attacker providing a specially crafted PDF file which, when processed by xpdf, could result in abnormal program termination or the execution of attacker supplied program code...

Ubuntu 4.10 : tetex-bin vulnerability (USN-51-1)

Javier Fernandez-Sanguino Pena noticed that 'xdvizilla', an auxiliary script to integrate DVI file viewing in Mozilla-based browsers, created temporary files and directories in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges o...

Ubuntu 4.10 : tetex-bin vulnerabilities (USN-9-1)

Chris Evans and Marcus Meissner recently discovered several integer overflow vulnerabilities in xpdf, a viewer for PDF files. Because tetex-bin contains xpdf code, it is also affected. These vulnerabilities could be exploited by an attacker providing a specially crafted TeX, LaTeX, or PDF file...

Ubuntu 4.10 : xpdf vulnerabilities (USN-14-1)

Markus Meissner discovered even more integer overflow vulnerabilities in xpdf, a viewer for PDF files. These integer overflows can eventually lead to buffer overflows. The Common UNIX Printing System CUPS uses the same code to print PDF files; tetex-bin uses the code to generate PDF output and...