[poppler] Fwd: Secunia Research: Xpdf "Stream.cc" Multiple Vulnerabilities

Albert Astals Cid aacid at kde.org
Fri Nov 9 10:21:06 PST 2007 

A Divendres 09 Novembre 2007, Brad Hards va escriure:
> FYI. Its now public.

Already patched on git, and even with additional fixes ;-)

Albert

> ----------  Forwarded Message  ----------
>
> Subject: Secunia Research: Xpdf "Stream.cc" Multiple Vulnerabilities
> Date: Thursday 08 November 2007 02:42
> From: Secunia Research <remove-vuln at secunia.com>
> To: vuln at secunia.com
> Cc: bugtraq at securityfocus.com
>
> ======================================================================
>
>                      Secunia Research 07/11/2007
>
>              - Xpdf "Stream.cc" Multiple Vulnerabilities -
>
> ======================================================================
> Table of Contents
>
> Affected Software....................................................1
> Severity.............................................................2
> Vendor's Description of Software.....................................3
> Description of Vulnerability.........................................4
> Solution.............................................................5
> Time Table...........................................................6
> Credits..............................................................7
> References...........................................................8
> About Secunia........................................................9
> Verification........................................................10
>
> ======================================================================
> 1) Affected Software
>
> * Xpdf 3.02 with xpdf-3.02pl1.patch.
>
> NOTE: Other versions may also be affected.
>
> ======================================================================
> 2) Severity
>
> Rating: Highly critical
> Impact: System access
> Where:  Remote
>
> ======================================================================
> 3) Vendor's Description of Software
>
> "Xpdf is an open source viewer for Portable Document Format (PDF)
> files. (These are also sometimes also called 'Acrobat' files, from the
> name of Adobe's PDF software.) The Xpdf project also includes a PDF
> text extractor, PDF-to-PostScript converter, and various other
> utilities.".
>
> Product Link:
> http://www.foolabs.com/xpdf/
>
> ======================================================================
> 4) Description of Vulnerabilities
>
> Secunia Research has discovered some vulnerabilities in Xpdf, which can
> be exploited by malicious people to compromise a user's system.
>
> 1) An array indexing error within the
> "DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc can be
> exploited to corrupt memory via a specially crafted PDF file.
>
> 2) An integer overflow error within the "DCTStream::reset()" method in
> xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow
> via a specially crafted PDF file.
>
> 3) A boundary error within the "CCITTFaxStream::lookChar()" method in
> xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow
> by tricking a user into opening a PDF file containing a specially
> crafted "CCITTFaxDecode" filter.
>
> Successful exploitation may allow execution of arbitrary code.
>
> ======================================================================
> 5) Solution
>
> Do not open untrusted PDF files.
>
> The vendor is reportedly working on a patch.
>
> ======================================================================
> 6) Time Table
>
> 17/10/2007 - Vendor notified.
> 22/10/2007 - vendor-sec notified.
> 19/10/2007 - Vendor response.
> 07/11/2007 - Public disclosure.
>
> ======================================================================
> 7) Credits
>
> Discovered by Alin Rad Pop, Secunia Research.
>
> ======================================================================
> 8) References
>
> The Common Vulnerabilities and Exposures (CVE) project has assigned the
> following CVE identifiers:
> * CVE-2007-4352 ("DCTStream::readProgressiveDataUnit()")
> * CVE-2007-5392 ("DCTStream::reset()")
> * CVE-2007-5393 ("CCITTFaxStream::lookChar()")
>
> ======================================================================
> 9) About Secunia
>
> Secunia offers vulnerability management solutions to corporate
> customers with verified and reliable vulnerability intelligence
> relevant to their specific system configuration:
>
> http://corporate.secunia.com/
>
> Secunia also provides a publicly accessible and comprehensive advisory
> database as a service to the security community and private
> individuals, who are interested in or concerned about IT-security.
>
> http://secunia.com/
>
> Secunia believes that it is important to support the community and to
> do active vulnerability research in order to aid improving the
> security and reliability of software in general:
>
> http://corporate.secunia.com/secunia_research/33/
>
> Secunia regularly hires new skilled team members. Check the URL below
> to see currently vacant positions:
>
> http://secunia.com/secunia_vacancies/
>
> Secunia offers a FREE mailing list called Secunia Security Advisories:
>
> http://secunia.com/secunia_security_advisories/
>
> ======================================================================
> 10) Verification
>
> Please verify this advisory by visiting the Secunia website:
> http://secunia.com/secunia_research/2007-88/
>
> Complete list of vulnerability reports published by Secunia Research:
> http://secunia.com/secunia_research/
>
> ======================================================================
>
> -------------------------------------------------------

More information about the poppler mailing list