Lucene search

K
suseSuseSUSE-SA:2007:060
HistoryNov 14, 2007 - 4:50 p.m.

remote code execution in xpdf, kdegraphics3-pdf, koffice, libextractor,

2007-11-1416:50:40
lists.opensuse.org
27

EPSS

0.334

Percentile

97.1%

Secunia Research reported three security bugs in xpdf. The first problem occurs while indexing an array in DCTStream:: readProgressiveDataUnit() and is tracked by CVE-2007-4352. Another method in the same class named reset() is vulnerable to an integer overflow which leads to an overflow on the heap, CVE-2007-5392. The last bug also causes an overflow on the heap but this time in method lookChar() of class CCITTFaxStream, CVE-2007-5393. All three bugs can be exploited remotely with a crafted PDF file with user- assistance only. These bugs do not only affect xpdf but also the following packages: kdegraphics3-pdf, koffice, libextractor, poppler, gpdf, cups, pdf, pdftohtml

Solution

There is no work-around kown.