Bug#291266: vulnerable to CAN-2005-0064

Wed, 19 Jan 2005 11:41:44 -0800 

Package: xpdf-reader
Version: 3.00-11
Severity: grave
Tags: patch security

xpdf is vulnerable to a buffer overflow that can be exploited by
malicious pdfs to execute arbitrary code. The hole is described here:
http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities&flashstatus=false

I've attached a patch that adds bounds checking to close the hole.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages xpdf depends on:
ii  xpdf-common                   3.00-11    Portable Document Format (PDF) sui
ii  xpdf-reader                   3.00-11    Portable Document Format (PDF) sui
ii  xpdf-utils                    3.00-11    Portable Document Format (PDF) sui

Versions of packages xpdf-reader depends on:
ii  gsfonts                  8.14+v8.11-0.1  Fonts for the Ghostscript interpre
ii  lesstif2                 1:0.93.94-11    OSF/Motif 2.1 implementation relea
ii  libc6                    2.3.2.ds1-20    GNU C Library: Shared libraries an
ii  libfreetype6             2.1.7-2.3       FreeType 2 font engine, shared lib
ii  libgcc1                  1:3.4.3-7       GCC support library
ii  libice6                  4.3.0.dfsg.1-10 Inter-Client Exchange library
ii  libpaper1                1.1.14-3        Library for handling paper charact
ii  libsm6                   4.3.0.dfsg.1-10 X Window System Session Management
ii  libstdc++5               1:3.3.5-6       The GNU Standard C++ Library v3
ii  libt1-5                  5.0.2-3         Type 1 font rasterizer library - r
ii  libx11-6                 4.3.0.dfsg.1-10 X Window System protocol client li
ii  libxext6                 4.3.0.dfsg.1-10 X Window System miscellaneous exte
ii  libxp6                   4.3.0.dfsg.1-10 X Window System printing extension
ii  libxpm4                  4.3.0.dfsg.1-10 X pixmap library
ii  libxt6                   4.3.0.dfsg.1-10 X Toolkit Intrinsics
ii  xlibs                    4.3.0.dfsg.1-10 X Keyboard Extension (XKB) configu
ii  xpdf-common              3.00-11         Portable Document Format (PDF) sui
ii  zlib1g                   1:1.2.2-4       compression library - runtime

-- no debconf information

-- 
see shy jo

*** XRef.cc.orig        Wed Jan 12 17:10:53 2005
--- XRef.cc     Wed Jan 12 17:11:22 2005
***************
*** 793,798 ****
--- 793,801 ----
        } else {
          keyLength = 5;
        }
+       if (keyLength > 16) {
+         keyLength = 16;
+       }
        permFlags = permissions.getInt();
        if (encVersion >= 1 && encVersion <= 2 &&
            encRevision >= 2 && encRevision <= 3) {

Attachment: signature.asc
Description: Digital signature

Reply via email to