Package: xpdf-reader
Version: 3.00-11
Severity: grave
Tags: patch security

xpdf is vulnerable to a buffer overflow that can be exploited by malicious PDFs to execute arbitrary code. The hole is described here:
http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities&flashstatus=false

I've attached a patch that adds bounds checking to close the hole.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages xpdf depends on:
ii  xpdf-common  3.00-11  Portable Document Format (PDF) sui
ii  xpdf-reader  3.00-11  Portable Document Format (PDF) sui
ii  xpdf-utils   3.00-11  Portable Document Format (PDF) sui

Versions of packages xpdf-reader depends on:
ii  gsfonts       8.14+v8.11-0.1   Fonts for the Ghostscript interpre
ii  lesstif2      1:0.93.94-11     OSF/Motif 2.1 implementation relea
ii  libc6         2.3.2.ds1-20     GNU C Library: Shared libraries an
ii  libfreetype6  2.1.7-2.3        FreeType 2 font engine, shared lib
ii  libgcc1       1:3.4.3-7        GCC support library
ii  libice6       4.3.0.dfsg.1-10  Inter-Client Exchange library
ii  libpaper1     1.1.14-3         Library for handling paper charact
ii  libsm6        4.3.0.dfsg.1-10  X Window System Session Management
ii  libstdc++5    1:3.3.5-6        The GNU Standard C++ Library v3
ii  libt1-5       5.0.2-3          Type 1 font rasterizer library - r
ii  libx11-6      4.3.0.dfsg.1-10  X Window System protocol client li
ii  libxext6      4.3.0.dfsg.1-10  X Window System miscellaneous exte
ii  libxp6        4.3.0.dfsg.1-10  X Window System printing extension
ii  libxpm4       4.3.0.dfsg.1-10  X pixmap library
ii  libxt6        4.3.0.dfsg.1-10  X Toolkit Intrinsics
ii  xlibs         4.3.0.dfsg.1-10  X Keyboard Extension (XKB) configu
ii  xpdf-common   3.00-11          Portable Document Format (PDF) sui
ii  zlib1g        1:1.2.2-4        compression library - runtime

-- no debconf information

--
see shy jo
*** XRef.cc.orig Wed Jan 12 17:10:53 2005 --- XRef.cc Wed Jan 12 17:11:22 2005 *************** *** 793,798 **** --- 793,801 ---- } else { keyLength = 5; } + if (keyLength > 16) { + keyLength = 16; + } permFlags = permissions.getInt(); if (encVersion >= 1 && encVersion <= 2 && encRevision >= 2 && encRevision <= 3) {
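Review bot: the clamp added after the else branch checks only the upper bound (`if (keyLength > 16)`), so a zero or negative keyLength would still pass through to the code below; if the value assigned before this else can come from the document, add a lower-bound check too. The literal 16 should be tied to the size of the buffer it protects (a named constant or sizeof) so the two cannot drift apart, and a one-line comment saying why the limit exists would help future readers. Silently clamping also lets an out-of-range file go on being processed with a key length it did not specify; consider treating an out-of-range value as an error instead of continuing.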