GLSA-200602-12 : GPdf: heap overflows in included Xpdf code

The remote host is affected by the vulnerability described in GLSA-200602-12 GPdf: heap overflows in included Xpdf code Dirk Mueller found a heap overflow vulnerability in the XPdf codebase when handling splash images that exceed size of the associated bitmap. Impact : An attacker could entice a...

Mandrake Linux Security Advisory : tetex (MDKSA-2006:011)

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code Stream.cc in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service heap corruption and possibly execute arbitrary code via...

Mandrake Linux Security Advisory : kdegraphics (MDKSA-2006:012)

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code Stream.cc in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service heap corruption and possibly execute arbitrary code via...

GLSA-200501-31 : teTeX, pTeX, CSTeX: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200501-31 teTeX, pTeX, CSTeX: Multiple vulnerabilities teTeX, pTeX and CSTeX all make use of Xpdf code and may therefore be vulnerable to the various overflows that were discovered in Xpdf code CAN-2004-0888, CAN-2004-0889,...

CVE-2004-0888

Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service crash and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889...

[ GLSA 200501-31 ] teTeX, pTeX, CSTeX: Multiple vulnerabilities

Gentoo Linux Security Advisory GLSA 200501-31 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

CUPS: Stack overflow in included Xpdf code

Background The Common UNIX Printing System CUPS is a cross-platform print spooler. It makes use of Xpdf code to handle PDF files. Description The Decrypt::makeFileKey2 function in Xpdf's Decrypt.cc insufficiently checks boundaries when processing /Encrypt /Length tags in PDF files GLSA 200501-28...

pdftohtml: Vulnerabilities in included Xpdf

Background pdftohtml is a utility to convert PDF files to HTML or XML formats. It makes use of Xpdf code to decode PDF files. Description Xpdf is vulnerable to integer overflows, as described in GLSA 200412-24. Impact An attacker could entice a user to convert a specially-crafted PDF file,...

USN-9-1: tetex-bin vulnerabilities

Chris Evans and Marcus Meissner recently discovered several integer overflow vulnerabilities in xpdf, a viewer for PDF files. Because tetex-bin contains xpdf code, it is also affected. These vulnerabilities could be exploited by an attacker providing a specially crafted TeX, LaTeX, or PDF file...

MDKSA-2004:114 - Updated gpdf packages fix DoS vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandrakelinux Security Update Advisory Package name: gpdf Advisory ID: MDKSA-2004:114 Date: October 21st, 2004 Affected versions: 10.0 Problem Description: Chris Evans discovered numerous vulnerabilities in the xpdf package, which also effect software...

xpdf -- integer overflow vulnerabilities

Chris Evans discovered several integer arithmetic overflows in the xpdf 2 and xpdf 3 code bases. The flaws have impacts ranging from denial-of-service to arbitrary code execution...

Debian DSA-232-1 : cupsys - several vulnerabilities

Multiple vulnerabilities were discovered in the Common Unix Printing System CUPS. Several of these issues represent the potential for a remote compromise or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2002-1383: Multiple integer...