Package: libpoppler5
Version: 0.12.4-1.2+squeeze3
Severity: important

In DCTStream.cc::init(), when initializing a jpeg stream, a custom error_exit handler is set. According to libjpeg's documentation, this handler should not return to the caller (cf. http://www.opensource.apple.com/source/tcl/tcl-87/tcl_ext/tkimg/tkimg/libjpeg/libjpeg.doc ; "Error Handling").

The custom handler (exitErrorHandler) does return to the caller. This induces several vulnerabilities in jpeg handling, and at least one of these can be exploited to run arbitrary code (for example in evince, when it's not compiled as PIE, as in Debian 6).

-- System Information:
Debian Release: 6.0.7
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.36.4 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libpoppler5 depends on:
ii  libc6           2.11.3-4              Embedded GNU C Library: Shared lib
ii  libfontconfig1  2.8.0-2.1             generic font configuration library
ii  libfreetype6    2.4.2-2.1+squeeze4    FreeType 2 font engine, shared lib
ii  libgcc1         1:4.4.5-8             GCC support library
ii  libjpeg62       6b1-1                 The Independent JPEG Group's JPEG
ii  liblcms1        1.18.dfsg-1.2+b3      Color management library
ii  libopenjpeg2    1.3+dfsg-4+squeeze1   JPEG 2000 image compression/decomp
ii  libpng12-0      1.2.44-1+squeeze4     PNG library - runtime
ii  libstdc++6      4.4.5-8               The GNU Standard C++ Library v3
ii  libxml2         2.7.8.dfsg-2+squeeze7 GNOME XML library

libpoppler5 recommends no packages.

libpoppler5 suggests no packages.

-- no debconf information