[poppler] Secunia Research: Xpdf "Stream.cc" Multiple Vulnerabilities

Brad Hards bradh at frogmouth.net
Sat Nov 10 16:58:23 PST 2007 

On Thursday 08 November 2007 02:42, Secunia Research wrote:
> ======================================================================
> 1) Affected Software
>
> * Xpdf 3.02 with xpdf-3.02pl1.patch.
>
> NOTE: Other versions may also be affected.
These vulnerabilities also affect the poppler library for versions prior to 
0.6.2. The code is essentially the same.

See http://poppler.freedesktop.org

> ======================================================================
> 5) Solution
>
> Do not open untrusted PDF files.
>
> The vendor is reportedly working on a patch.
There is a patch available for xpdf from the vendors website
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl2.patch

For poppler, I suggest you upgrade to 0.6.2, which has the pl2 fixes merged:
http://poppler.freedesktop.org/poppler-0.6.2.tar.gz.

Poppler 0.6.2 incorporates the following changes (relative to 0.6.1):

poppler core:
 * Fix CVE-2007-4352, CVE-2007-5392 and CVE-2007-5393
 * Fix a crash on documents with wrong CCITTFaxStream
 * Fix a crash in the Cairo renderer with invalid embedded fonts
 * Fix a crash with invalid TrueType fonts
 * Check if font is inside the clip area before rendering
   it to a temporary bitmap in the Splash renderer. Fixes crashes on
   incorrect documents
 * Do not use exit(1) on DCTStream errors
 * Detect form fields at any depth level
 * Do not generate appearance stream for radio buttons that are not active
 * mingw fixes

build system:
 * Require fontconfig >= 2.0
 * builddir != srcdir fixes

Qt4 frontend:
 * Improved documentation

misc:
 * Fix FSF address

If you are patching xpdf for GPL release, you might like to extract the crash 
fixes from poppler 0.6.2 and incorporate those as well. See: 
http://cgit.freedesktop.org/poppler/poppler/log/?h=poppler-0.6

Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freedesktop.org/archives/poppler/attachments/20071111/bb29db3a/attachment.pgp

More information about the poppler mailing list