ISS X-Force Database: xpdf-dctstreamreset-bo(38303): Xpdf DCTStream::reset() buffer overflow

Xpdf DCTStream::reset() buffer overflow

xpdf-dctstreamreset-bo (38303)

High Risk

Description:

Xpdf is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the DCTStream::reset() function. By persuading a victim to open a specially-crafted PDF file, a remote attacker could overflow a buffer and execute arbitrary code on the system.

Platforms Affected:

Canonical, Ubuntu 6.06 LTS
Canonical, Ubuntu 6.10
Canonical, Ubuntu 7.04
Canonical, Ubuntu 7.10
Debian, Debian Linux 4.0
Gentoo, Linux
Glyph & Cog, Xpdf 3.02
Glyph & Cog, Xpdf 3.02pl1.patch
KDE, KDE 3.2.0 to 3.5.8
KDE, KOffice 1.x
MandrakeSoft, Mandrake Linux 2007 X86_64
MandrakeSoft, Mandrake Linux 2007
MandrakeSoft, Mandrake Linux 2007.1 X86_64
MandrakeSoft, Mandrake Linux 2007.1
MandrakeSoft, Mandrake Linux 2008.0 X86_64
MandrakeSoft, Mandrake Linux 2008.0
MandrakeSoft, Mandrake Linux Corporate Server 3.0 X86_64
MandrakeSoft, Mandrake Linux Corporate Server 3.0
MandrakeSoft, Mandrake Linux Corporate Server 4.0 X86_64
MandrakeSoft, Mandrake Linux Corporate Server 4.0
Novell, Linux Desktop 9
Novell, Linux POS 9
Novell, Open Enterprise Server
Novell, Open Enterprise Server
Novell, OpenSUSE 10.2
Novell, OpenSUSE 10.3
Novell, SLE SDK 10 SP1
Novell, SUSE Linux Enterprise Desktop 10 SP1
Novell, SUSE Linux Enterprise Server 10
Novell, SUSE Linux Enterprise Server 10 SP1
Novell, UnitedLinux 1.0
RedHat, Enterprise Linux 3 WS
RedHat, Enterprise Linux 3 Desktop
RedHat, Enterprise Linux 3 AS
RedHat, Enterprise Linux 3 ES
RedHat, Enterprise Linux 4 ES
RedHat, Enterprise Linux 4 WS
RedHat, Enterprise Linux 4 Desktop
RedHat, Enterprise Linux 4 AS
RedHat, Enterprise Linux 5 Client
RedHat, Enterprise Linux 5
RedHat, Enterprise Linux 5 Client Workstation
SuSE, SLE SDK 10
SuSE, SLES SDK 9
SuSE, SuSE Linux 10.0
SuSE, SuSE Linux 10.1
SuSE, SuSE Linux Enterprise Server 8.0
SuSE, SuSE Linux OpenExchange Server 4
SuSE, SuSE Linux Retail Solution 8
SuSE, SuSE Linux School Server
SuSE, SuSE Linux Standard Server 8
SuSE, SuSE SLES 9
Turbolinux, Turbolinux 10 Server
Turbolinux, Turbolinux 10 Server x64 Ed
Turbolinux, Turbolinux 11 Server
Turbolinux, Turbolinux 11 Server x64 Ed
Turbolinux, Turbolinux FUJI
Turbolinux, Turbolinux Multimedia
Turbolinux, Turbolinux Personal
Turbolinux, Turbolinux wizpy
Turbolinux, Turbolinux Appliance Server 1.0 Hosting Ed
Turbolinux, Turbolinux Appliance Server 1.0 Workgroup Ed
Turbolinux, Turbolinux Appliance Server 2.0

Remedy:

Refer to KDE Security Advisory 2007-11-07 for patch information. See References.

For other distributions:
Apply the appropriate update for your system. See References.

Consequences:

Gain Access

References:

KDE Security Advisory 2007-11-07, kpdf/kword/xpdf multiple xpdf based vulnerabilities at http://www.kde.org/info/security/advisory-20071107-1.txt.
Secunia Research 07/11/2007, Xpdf "Stream.cc" Multiple Vulnerabilities at http://secunia.com/secunia_research/2007-88/advisory/.
Xpdf Web site, Xpdf at http://www.foolabs.com/xpdf/.
ASA-2007-466: xpdf security update (RHSA-2007-1029)
ASA-2007-473: gpdf security update (RHSA-2007-1025)
ASA-2007-491: kdegraphics security update (RHSA-2007-1024)
ASA-2007-498: CUPS security update (RHSA-2007-1022)
BID-26367: Xpdf Multiple Remote Stream.CC Vulnerabilities
CVE-2007-5392: Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.
DSA-1480: poppler -- several vulnerabilities
DSA-1509: koffice -- multiple vulnerabilities
DSA-1537: xpdf -- several vulnerabilities
FrSIRT/ADV-2007-3774: Xpdf Stream.cc PDF Handling Multiple Code Execution Vulnerabilities
FrSIRT/ADV-2007-3775: CUPS Xpdf Stream.cc Multiple Command Execution Vulnerabilities
FrSIRT/ADV-2007-3776: KDE and KOffice Xpdf Stream.cc Multiple Code Execution Vulnerabilities
FrSIRT/ADV-2007-3779: Poppler Xpdf Stream.cc Multiple Command Execution Vulnerabilities
FrSIRT/ADV-2007-3786: teTeX Xpdf Stream.cc PDF File Multiple Code Execution Vulnerabilities
GLSA-200711-22: Poppler, KDE: User-assisted execution of arbitrary code
GLSA-200711-34: CSTeX: Multiple vulnerabilities
MDKSA-2007:219: Updated xpdf packages fix vulnerabilities
MDKSA-2007:220: Updated gpdf packages fix vulnerabilities
MDKSA-2007:221: Updated kdegraphics packages fix vulnerabilities in kpdf
MDKSA-2007:222: Updated koffice packages fix vulnerabilities
MDKSA-2007:223: Updated pdftohtml packages fix vulnerabilities
MDKSA-2007:227: Updated poppler packages fix vulnerabilities
MDKSA-2007:228: Updated cups packages fix vulnerabilities
MDKSA-2007:230: Updated tetex packages fix vulnerabilities
RHSA-2007-1021: Important: cups security update
RHSA-2007-1022: Important: cups security update
RHSA-2007-1024: Important: kdegraphics security update
RHSA-2007-1025: Important: gpdf security update
RHSA-2007-1026: Important: poppler security update
RHSA-2007-1027: Important: tetex security update
RHSA-2007-1029: Important: xpdf security update
RHSA-2007-1030: Important: xpdf security update
SA26503: GNOME gpdf "Stream.cc" Multiple Vulnerabilities
SA27260: Xpdf "Stream.cc" Multiple Vulnerabilities
SA27553: Poppler "Stream.cc" Multiple Vulnerabilities
SA27578: KDE and KOffice "Stream.cc" Multiple Vulnerabilities
SECTRACK ID: 1018905: Xpdf Bugs in streams and t1lib Let Remote Users Execute Arbitrary Code
SUSE-SA:2007:060: XPDF security problems

Reported:

Nov 07, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page