XPDF multiple integer overflows

xpdf-pdf-bo (17818)

High Risk

Description:

XPDF is vulnerable to multiple unspecified integer overflows. A remote attacker could exploit these vulnerabilities to execute arbitrary code on the system or cause the affected application to crash, if the attacker could persuade the victim to open a malicious PDF document.

Note: This vulnerability also affects other applications that are based off of the XPDF code, including CUPS, gpdf and kdegraphics.

Platforms Affected:

• Canonical, Ubuntu 4.10
• Conectiva, Linux 10
• Conectiva, Linux 9.0
• Debian, Debian Linux 3.0
• Easy Software Products, CUPS
• Foolabs, Xpdf 2.0
• Foolabs, Xpdf 3.0
• Gentoo, Linux
• KDE, KDE 3.2.x
• KDE, KDE 3.3.0
• KDE, KDE 3.3.1
• MandrakeSoft, Mandrake Linux 10.0
• MandrakeSoft, Mandrake Linux 10.0 AMD64
• MandrakeSoft, Mandrake Linux 10.1
• MandrakeSoft, Mandrake Linux 10.1 X86_64
• MandrakeSoft, Mandrake Linux 9.2
• MandrakeSoft, Mandrake Linux 9.2 AMD64
• MandrakeSoft, Mandrake Linux Corporate Server 2.1
• MandrakeSoft, Mandrake Linux Corporate Server 2.1 X86_64
• MandrakeSoft, Mandrake Linux Corporate Server 3.0 X86_64
• MandrakeSoft, Mandrake Linux Corporate Server 3.0
• MandrakeSoft, Mandrake Multi Network Firewall 8.2
• Novell, Linux Desktop 9
• RedHat, Enterprise Linux 2.1 AW
• RedHat, Enterprise Linux 2.1 ES
• RedHat, Enterprise Linux 2.1 AS
• RedHat, Enterprise Linux 2.1 WS
• RedHat, Enterprise Linux 3 Desktop
• RedHat, Enterprise Linux 3 ES
• RedHat, Enterprise Linux 3 AS
• RedHat, Enterprise Linux 3 WS
• RedHat, Enterprise Linux 4 WS
• RedHat, Enterprise Linux 4 AS
• RedHat, Enterprise Linux 4 ES
• RedHat, Enterprise Linux 4 Desktop
• RedHat, Linux Advanced Workstation 2.1 Itanium
• SuSE, Linux Enterprise Server 8
• SuSE, Linux Enterprise Server 9
• SuSE, SuSE Linux 8.1
• SuSE, SuSE Linux 8.2
• SuSE, SuSE Linux 9.0
• SuSE, SuSE Linux 9.1
• SuSE, SuSE Linux 9.2
• SuSE, SuSE Linux
• SuSE, SuSE Linux Desktop 1.0

Remedy:

Apply the appropriate update for your system. See References.

Consequences:

Gain Access

References:

• CIAC Information Bulletin P-019, Red Hat Updated CUPS Packages Fix Security Issues at http://www.ciac.org/ciac/bulletins/p-019.shtml.
• CIAC Information Bulletin P-142, XPDF/GPDF - CUPS Vulnerabilities at http://www.ciac.org/ciac/bulletins/p-142.shtml.
• CIAC INFORMATION BULLETIN P-171, SGI Advanced Linux Environment 3 Security Update #33 at http://www.ciac.org/ciac/bulletins/p-171.shtml.
• Conectiva Linux Security Announcement CLSA-2004:886, Fixes for xpdf vulnerabilities at http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000886.
• Xpdf Web site, Xpdf at http://www.foolabs.com/xpdf.
• ASA-2008-179: cups security update (RHSA-2008-0206)
• BID-11501: Xpdf PDFTOPS Multiple Integer Overflow Vulnerabilities
• CVE-2004-0888: Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
• CVE-2005-0206: The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
• DSA-573: cupsys -- integer overflows
• DSA-581: xpdf -- integer overflows
• DSA-599: tetex-bin -- integer overflows
• GLSA-200410-20: Xpdf, CUPS: Multiple integer overflows
• GLSA-200410-30: GPdf, KPDF, KOffice: Vulnerabilities in included xpdf
• GLSA-200411-30: pdftohtml: Vulnerabilities in included Xpdf
• GLSA-200501-31: teTeX, pTeX, CSTeX: Multiple vulnerabilities
• MDKSA-2004:113: Updated xpdf packages fix vulnerabilities
• MDKSA-2004:114: Updated gpdf packages fix DoS vulnerability
• MDKSA-2004:115: Updated kdegraphics packages fix DoS vulnerability
• MDKSA-2004:116: Updated cups packages fix DoS vulnerabilities
• MDKSA-2004:165: Updated koffice packages fix multiple vulnerabilities
• MDKSA-2004:166: Updated tetex packages fix multiple vulnerabilities
• MDKSA-2005:041: Updated cups packages fix vulnerabilities on 64 bit platforms
• MDKSA-2005:042: Updated gpdf packages fix vulnerabilities on 64 bit platforms
• MDKSA-2005:043: Updated xpdf packages fix vulnerabilities on 64 bit platforms
• MDKSA-2005:044: Updated tetex packages fix vulnerabilities on 64 bit platforms
• MDKSA-2005:052: Updated kdegraphics packages fix vulnerabilities
• MDKSA-2005:056: Updated koffice packages fix vulnerabilities on 64 bit platforms
• RHSA-2004-543: cups security update
• RHSA-2004-592: xpdf security update
• RHSA-2005-034: xpdf security update
• RHSA-2005-053: CUPS security update
• RHSA-2005-057: gpdf security update
• RHSA-2005-066: kdegraphics security update
• RHSA-2005-132: cups security update
• RHSA-2005-213: xpdf security update
• RHSA-2005-354: tetex security update
• SUSE-SA:2004:038: libtiff: local privilege escalation
• SUSE-SA:2004:039: xpdf gpdf kdegraphics3-pdf pdftohtml cups: remote system compromise
• SUSE-SA:2004:040: samba: remote denial of service
• SUSE-SR:2004:002: SUSE Security Summary Report
• SUSE-SR:2005:008: SUSE Security Summary Report
• USN-14-1: xpdf vulnerabilities
• USN-9-1: tetex-bin vulnerabilities

Reported:

Oct 21, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page