Package: gpdf
Version: 2.8.2-1.3
Severity: important
Tags: security

xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.

I haven't personally verified this, but gpdf is probably also vulnerable as it's from the same codebase.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages gpdf depends on:
ii  libart-2.0-2          2.3.17-1        Library of functions for 2D graphi
ii  libatk1.0-0           1.10.3-1        The ATK accessibility toolkit
ii  libbonobo2-0          2.10.1-1        Bonobo CORBA interfaces library
ii  libbonoboui2-0        2.10.1-1        The Bonobo UI library
ii  libc6                 2.3.5-6         GNU C Library: Shared libraries an
ii  libfreetype6          2.1.10-1        FreeType 2 font engine, shared lib
ii  libgcc1               1:4.0.2-2       GCC support library
ii  libgconf2-4           2.10.1-6        GNOME configuration database syste
ii  libglade2-0           1:2.5.1-2       library to load .glade files at ru
ii  libglib2.0-0          2.8.3-1         The GLib library of C routines
ii  libgnome2-0           2.10.1-1        The GNOME 2 library - runtime file
ii  libgnomecanvas2-0     2.10.2-2        A powerful object-oriented display
ii  libgnomeprint2.2-0    2.10.3-3        The GNOME 2.2 print architecture -
ii  libgnomeprintui2.2-0  2.10.2-2        GNOME 2.2 print architecture User
ii  libgnomeui-0          2.10.1-1        The GNOME 2 libraries (User Interf
ii  libgnomevfs2-0        2.10.1-5        The GNOME virtual file-system libr
ii  libgtk2.0-0           2.6.10-1        The GTK+ graphical user interface
ii  libice6               6.8.2.dfsg.1-8  Inter-Client Exchange library
ii  liborbit2             1:2.12.4-1      libraries for ORBit2 - a CORBA ORB
ii  libpango1.0-0         1.8.2-3         Layout and rendering of internatio
ii  libpaper1             1.1.14-3        Library for handling paper charact
ii  libpopt0              1.7-5           lib for parsing cmdline parameters
ii  libsm6                6.8.2.dfsg.1-8  X Window System Session Management
ii  libstdc++6            4.0.2-2         The GNU Standard C++ Library v3
ii  libxml2               2.6.22-1        GNOME XML library
ii  xlibs                 6.8.2.dfsg.1-8  X Window System client libraries m
ii  zlib1g                1:1.2.3-4       compression library - runtime

gpdf recommends no packages.

-- no debconf information

-- 
see shy jo
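
The report says the "loca" table is not properly validated. As an added example (not code from xpdf, kpdf or gpdf), this is one way a font loader can check loca against the glyf table before rebuilding anything from it, so the glyph data implied by the table can never exceed glyf itself. The function and status names are assumptions of this example; the table layout is the standard TrueType one.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Status names are assumptions of this example, not xpdf identifiers. */
enum loca_status { LOCA_OK, LOCA_TRUNCATED, LOCA_NOT_MONOTONIC, LOCA_OUT_OF_RANGE };

static uint32_t be16(const uint8_t *p) { return ((uint32_t)p[0] << 8) | p[1]; }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Check a TrueType 'loca' table against the 'glyf' table it indexes.
 * long_format: head.indexToLocFormat (0 = uint16 offsets stored divided by 2,
 * 1 = uint32 offsets). num_glyphs: maxp.numGlyphs; loca holds num_glyphs + 1
 * entries. On LOCA_OK, *total_out is the summed glyph size, never > glyf_len. */
enum loca_status loca_validate(const uint8_t *loca, size_t loca_len, int long_format,
                               uint16_t num_glyphs, uint32_t glyf_len,
                               uint64_t *total_out)
{
    size_t entry = long_format ? 4 : 2;
    uint64_t total = 0;
    uint32_t prev = 0;
    if (((size_t)num_glyphs + 1) * entry > loca_len)
        return LOCA_TRUNCATED;               /* fewer entries than maxp promises */
    for (uint32_t i = 0; i <= num_glyphs; i++) {
        const uint8_t *p = loca + (size_t)i * entry;
        uint32_t off = long_format ? be32(p) : be16(p) * 2;
        if (off > glyf_len)
            return LOCA_OUT_OF_RANGE;        /* points past the end of glyf */
        if (i > 0 && off < prev)
            return LOCA_NOT_MONOTONIC;       /* glyph would have negative length */
        if (i > 0)
            total += off - prev;
        prev = off;
    }
    if (total_out)
        *total_out = total;
    return LOCA_OK;
}

int main(void)
{
    /* Constructed sample: long-format loca for 2 glyphs, offsets 64, 16, 80. */
    const uint8_t broken[] = { 0,0,0,0x40,  0,0,0,0x10,  0,0,0,0x50 };
    uint64_t total = 0;
    printf("status=%d\n", loca_validate(broken, sizeof broken, 1, 2, 100, &total));
    return 0;
}
```

A loader that gets anything other than LOCA_OK can reject the embedded font instead of attempting to rebuild its tables.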