P-087: Buffer Overflow in xpdf

CIAC INFORMATION BULLETIN

P-087: Buffer Overflow in xpdf
SUPERSEDED BY CIAC BULLETIN P-142

[DSA-619-1 xpdf -- buffer overflow]

January 3, 2005 20:00 GMT
[REVISED 13 Jan 2005]
[REVISED 27 Jan 2005]
[REVISED 18 Feb 2005]

PROBLEM: A vulnerability was discovered in xpdf, the portable document format (PDF) suite.
PLATFORM: Debian GNU/Linux 3.0 (woody)
Fedora Core 2
Fedora Core 3
Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS, ES, WS (v. 3)
DAMAGE: A maliciously crafted PDF file may cause a buffer overflow in xpdf and may allow the attacker to execute arbitrary code.
SOLUTION: Apply the available security updates.

VULNERABILITY
ASSESSMENT:
The risk is MEDIUM. May allow arbitrary code execution as the user running xpdf. (See also: CIAC Bulletin P-088)

LINKS:
  CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/p-087.shtml
  ORIGINAL BULLETIN: http://www.debian.org/security/2004/dsa-619
  ADDITIONAL LINKS:
    https://www.redhat.com/archives/fedora-announce-list/2004-December/msg00099.html
    https://www.redhat.com/archives/fedora-announce-list/2004-December/msg00102.html
    Red Hat RHSA-2005:013-20
    https://rhn.redhat.com/errata/RHSA-2005-013.html
    Red Hat RHSA-2005:018-04
    https://rhn.redhat.com/errata/RHSA-2005-018.html
    SGI Security Advisory #20050101-01-U Security Update #23
    http://www.sgi.com/support/security/advisories.html
  CVE/CAN: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125

REVISION HISTORY:
01/13/2005 - added links to Red Hat RHSA-2005:013-20 and RHSA-2005:018-04.
01/27/2005 - added a link to SGI Security Advisory #20050101-01-U for SGI Advanced Linux Enterprise 3 Security Update #23.
02/18/2005 - Superseded by CIAC Bulletin P-142.


[***** Start DSA-619-1 xpdf -- buffer overflow *****]

Debian Security Advisory
DSA-619-1 xpdf -- buffer overflow
Date Reported: 30 Dec 2004 
Affected Packages: xpdf 
Vulnerable: Yes 
Security database references: 
In the Debian bugtracking system: Bug 286742, Bug 286983.
In Mitre's CVE dictionary: CAN-2004-1125.

More information: 
An iDEFENSE security researcher discovered a buffer overflow in xpdf, the portable document format (PDF) suite. A maliciously crafted PDF file could exploit this problem, resulting in the execution of arbitrary code.

For the stable distribution (woody) this problem has been fixed in version 1.00-3.3.

For the unstable distribution (sid) this problem has been fixed in version 3.00-11.

We recommend that you upgrade your xpdf package immediately.

Fixed in: 
Debian GNU/Linux 3.0 (woody)

Source:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.3.dsc
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.3.diff.gz
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00.orig.tar.gz
Architecture-independent component:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_1.00-3.3_all.deb
http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.3_all.deb
Alpha:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.3_alpha.deb
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.3_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.3_arm.deb
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.3_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.3_i386.deb
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.3_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.3_ia64.deb
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.3_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.3_hppa.deb
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.3_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.3_m68k.deb
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.3_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.3_mips.deb
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.3_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.3_mipsel.deb
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.3_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.3_powerpc.deb
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.3_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.3_s390.deb
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.3_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.3_sparc.deb
http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.3_sparc.deb

MD5 checksums of the listed files are available in the original advisory.

[***** End DSA-619-1 xpdf -- buffer overflow *****]

CIAC wishes to acknowledge the contributions of Debian for the information contained in this bulletin.
DOE-CIRC can be contacted at:
    Voice:          +1 866-941-2472 (7 x 24)
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov/