Lucene search
SuseSUSE-SA:2006:001HistoryJan 11, 2006 - 12:03 p.m.
remote code execution in xpdf,kpdf,gpdf,kword
2006-01-1112:03:37
lists.opensuse.org
13
0.184 Low
EPSS
Percentile
96.2%
“infamous41md”, Chris Evans and Dirk Mueller discovered multiple places in xpdf code where integer variables are insufficiently checked for range or overflow. Specially crafted PDF files could lead to executing arbitrary code. Copies of xpdf code are also contained in cups, kpdf, kword, gpdf, libextractor, pdf2html, poppler and tetex. Updates for those are in the works.
Solution
There is no known workaround, please install the update packages.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 9.2 | i586 | gpdf | < 0.131-11.10 | gpdf-0.131-11.10.i586.rpm |
| openSUSE | 9.1 | x86_64 | gpdf | < 0.112.1-26.10 | gpdf-0.112.1-26.10.x86_64.rpm |
| openSUSE | 10.0 | ppc | koffice-wordprocessing | < 1.4.1-10.3 | koffice-wordprocessing-1.4.1-10.3.ppc.rpm |
| openSUSE | 10.0 | i586 | xpdf | < 3.00-92.2 | xpdf-3.00-92.2.i586.rpm |
| openSUSE | 9.3 | x86_64 | xpdf | < 3.00-87.2 | xpdf-3.00-87.2.x86_64.rpm |
| openSUSE | 9.1 | x86_64 | kdegraphics3-pdf | < 3.2.1-67.16 | kdegraphics3-pdf-3.2.1-67.16.x86_64.rpm |
| openSUSE | 9.3 | i586 | kdegraphics3-pdf | < 3.4.0-11.5 | kdegraphics3-pdf-3.4.0-11.5.i586.rpm |
| openSUSE | 10.0 | ppc | poppler | < 0.4.2-3.2 | poppler-0.4.2-3.2.ppc.rpm |
| openSUSE | 9.2 | x86_64 | gpdf | < 0.131-11.10 | gpdf-0.131-11.10.x86_64.rpm |
| openSUSE | 10.0 | x86_64 | gpdf | < 2.10.0-12.2 | gpdf-2.10.0-12.2.x86_64.rpm |
Related
debian
debian
[SECURITY] [DSA 950-1] New CUPS packages fix arbitrary code execution
2006-01-23 08:11:03
[SECURITY] [DSA 931-1] New xpdf packages fix arbitrary code execution
2006-01-09 16:56:11
[SECURITY] [DSA 950-1] New CUPS packages fix arbitrary code execution
2006-01-23 08:11:03
securityvulns
securityvulns
osv
osv
kdegraphics - buffer overflows
2006-01-09 00:00:00
xpdf - buffer overflows
2006-01-09 00:00:00
pdftohtml - buffer overflows
2006-02-01 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-950-1)
2008-01-17 00:00:00
Debian Security Advisory DSA 961-1 (pdfkit.framework)
2008-01-17 00:00:00
Debian Security Advisory DSA 962-1 (pdftohtml)
2008-01-17 00:00:00
nessus
nessus
GLSA-200601-02 : KPdf, KWord: Multiple overflows in included Xpdf code
2006-01-15 00:00:00
Debian DSA-962-1 : pdftohtml - buffer overflows
2006-10-14 00:00:00
Debian DSA-931-1 : xpdf - buffer overflows
2006-10-14 00:00:00
centos
centos
xpdf security update
2005-12-06 16:19:16
kdegraphics security update
2005-12-21 02:55:30
tetex security update
2006-01-19 21:19:14
redhat
redhat
(RHSA-2005:868) kdegraphics security update
2005-12-20 00:00:00
(RHSA-2005:840) xpdf security update
2005-12-06 00:00:00
(RHSA-2006:0160) tetex security update
2006-01-19 00:00:00
gentoo
gentoo
KPdf, KWord: Multiple overflows in included Xpdf code
2006-01-04 00:00:00
Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows
2006-01-30 00:00:00
Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities
2005-12-16 00:00:00
slackware
slackware
[slackware-security] kdegraphics
2006-02-15 00:27:14
[slackware-security] xpdf
2006-02-15 00:28:51
[slackware-security] tetex PDF security
2006-05-22 22:14:23
ubuntu
ubuntu
xpdf vulnerabilities in kword, kpdf
2006-01-09 00:00:00
xpdf vulnerabilities
2006-01-06 00:00:00
xpdf vulnerabilities
2005-12-12 00:00:00
cve
cve
ubuntucve
ubuntucve
prion
prion
Design/Logic Flaw
2006-03-15 19:06:00
cvelist
cvelist
debiancve
debiancve
nvd
nvd