Package: gpdf
Version: 2.8.2-1.3
Severity: important
Tags: security

 xpdf and kpdf do not properly validate the "loca" table in PDF files, which
 allows local users to cause a denial of service (disk consumption and hang) via
 a PDF file with a "broken" loca table, which causes a large temporary file to
 be created when xpdf attempts to reconstruct the information.

I haven't personally verified this, but gpdf is probably also vulnerable
as it's from the same codebase.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages gpdf depends on:
ii  libart-2.0-2              2.3.17-1       Library of functions for 2D graphi
ii  libatk1.0-0               1.10.3-1       The ATK accessibility toolkit
ii  libbonobo2-0              2.10.1-1       Bonobo CORBA interfaces library
ii  libbonoboui2-0            2.10.1-1       The Bonobo UI library
ii  libc6                     2.3.5-6        GNU C Library: Shared libraries an
ii  libfreetype6              2.1.10-1       FreeType 2 font engine, shared lib
ii  libgcc1                   1:4.0.2-2      GCC support library
ii  libgconf2-4               2.10.1-6       GNOME configuration database syste
ii  libglade2-0               1:2.5.1-2      library to load .glade files at ru
ii  libglib2.0-0              2.8.3-1        The GLib library of C routines
ii  libgnome2-0               2.10.1-1       The GNOME 2 library - runtime file
ii  libgnomecanvas2-0         2.10.2-2       A powerful object-oriented display
ii  libgnomeprint2.2-0        2.10.3-3       The GNOME 2.2 print architecture -
ii  libgnomeprintui2.2-0      2.10.2-2       GNOME 2.2 print architecture User 
ii  libgnomeui-0              2.10.1-1       The GNOME 2 libraries (User Interf
ii  libgnomevfs2-0            2.10.1-5       The GNOME virtual file-system libr
ii  libgtk2.0-0               2.6.10-1       The GTK+ graphical user interface 
ii  libice6                   6.8.2.dfsg.1-8 Inter-Client Exchange library
ii  liborbit2                 1:2.12.4-1     libraries for ORBit2 - a CORBA ORB
ii  libpango1.0-0             1.8.2-3        Layout and rendering of internatio
ii  libpaper1                 1.1.14-3       Library for handling paper charact
ii  libpopt0                  1.7-5          lib for parsing cmdline parameters
ii  libsm6                    6.8.2.dfsg.1-8 X Window System Session Management
ii  libstdc++6                4.0.2-2        The GNU Standard C++ Library v3
ii  libxml2                   2.6.22-1       GNOME XML library
ii  xlibs                     6.8.2.dfsg.1-8 X Window System client libraries m
ii  zlib1g                    1:1.2.3-4      compression library - runtime

gpdf recommends no packages.

-- no debconf information

-- 
see shy jo

Attachment: signature.asc
Description: Digital signature
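
Added example, not part of the original report and not code from xpdf, kpdf or gpdf: one way a TrueType parser can reject a "broken" loca table before rebuilding the font, so that the amount of glyph data written out is bounded by the input. The function name, status names and sample tables are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Status names are illustrative; they are not taken from xpdf. */
enum loca_status { LOCA_OK, LOCA_TRUNCATED, LOCA_OUT_OF_RANGE, LOCA_NOT_MONOTONIC };

static uint32_t be16(const uint8_t *p) { return ((uint32_t)p[0] << 8) | p[1]; }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Check a TrueType 'loca' table before any glyph data is copied.
 * num_glyphs comes from 'maxp'; long_format is indexToLocFormat from 'head'
 * (0: uint16 entries holding offset/2, 1: uint32 entries); glyf_len is the
 * length of 'glyf'. If every offset is <= glyf_len and the sequence never
 * decreases, the glyph lengths loca[i+1]-loca[i] sum to at most glyf_len,
 * so the glyph data copied out cannot exceed the size of the input table. */
enum loca_status loca_validate(const uint8_t *loca, size_t loca_len,
                               uint16_t num_glyphs, int long_format,
                               uint32_t glyf_len)
{
    size_t width = long_format ? 4 : 2;
    size_t entries = (size_t)num_glyphs + 1;   /* one extra entry marks the end */
    if (loca_len / width < entries) return LOCA_TRUNCATED;

    uint32_t prev = 0;
    for (size_t i = 0; i < entries; i++) {
        const uint8_t *p = loca + i * width;
        uint32_t off = long_format ? be32(p) : be16(p) * 2u;
        if (off > glyf_len) return LOCA_OUT_OF_RANGE;
        if (off < prev) return LOCA_NOT_MONOTONIC;
        prev = off;
    }
    return LOCA_OK;
}

/* Constructed sample tables (not taken from any real file). */
static const uint8_t good_short[]   = {0,0, 0,10, 0,10, 0,25};  /* 0,20,20,50 */
static const uint8_t broken_short[] = {0,0, 0,10, 0,5,  0,25};  /* goes backwards */
static const uint8_t huge_long[]    = {0,0,0,0, 0x40,0,0,0};    /* 1 GiB offset */

int main(void)
{
    printf("good:   %d\n", loca_validate(good_short, sizeof good_short, 3, 0, 50));
    printf("broken: %d\n", loca_validate(broken_short, sizeof broken_short, 3, 0, 50));
    printf("huge:   %d\n", loca_validate(huge_long, sizeof huge_long, 1, 1, 50));
    return 0;
}
```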
