Package: xpdf-reader Version: 3.00-13 Severity: critical Justification: causes serious data loss
Arbitrary code execution (with privileges as user of package) issues reported by iDefense: Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability Multiple Vendor xpdf DCTStream Progressive Heap Overflow Multiple Vendor xpdf StreamPredictor Heap Overflow Vulnerability Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability http://www.idefense.com/application/poi/display?id=342 http://www.idefense.com/application/poi/display?id=343 http://www.idefense.com/application/poi/display?id=344 http://www.idefense.com/application/poi/display?id=345 (Debian, both woody and sarge, is specifically mentioned as vulnerable.) Reported also on public mailing lists, see http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/ http://www.securityfocus.com/archive/1 Upstream/vendor patches are apparently available. Cheers, Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.8-spm0.5 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages xpdf-reader depends on: ii gsfonts 8.14+v8.11+urw-0.2 Fonts for the Ghostscript interpre ii lesstif2 1:0.93.94-11.4 OSF/Motif 2.1 implementation relea ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an ii libfreetype6 2.1.7-2.4 FreeType 2 font engine, shared lib ii libgcc1 1:3.4.3-13 GCC support library ii libice6 4.3.0.dfsg.1-14sarge1 Inter-Client Exchange library ii libpaper1 1.1.14-3 Library for handling paper charact ii libsm6 4.3.0.dfsg.1-14sarge1 X Window System Session Management ii libstdc++5 1:3.3.5-13 The GNU Standard C++ Library v3 ii libt1-5 5.0.2-3 Type 1 font rasterizer library - r ii libx11-6 4.3.0.dfsg.1-14sarge1 X Window System protocol client li ii libxext6 4.3.0.dfsg.1-14sarge1 X Window System miscellaneous exte ii libxp6 4.3.0.dfsg.1-14sarge1 X Window System printing extension ii libxpm4 4.3.0.dfsg.1-14sarge1 X pixmap library ii libxt6 4.3.0.dfsg.1-14sarge1 X Toolkit Intrinsics ii xlibs 4.3.0.dfsg.1-14sarge1 X Keyboard Extension (XKB) configu ii xpdf-common 3.00-13 Portable Document Format (PDF) sui ii zlib1g 1:1.2.2-4.sarge.2 compression library - runtime -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
