exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

secunia-xpdf.txt

secunia-xpdf.txt
Posted Nov 7, 2007
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system. An array indexing error, integer overflow, and boundary error all exist. Xpdf version 3.02 with the xpdf-3.02pl1.patch is affected.

tags | advisory, overflow, vulnerability
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
SHA-256 | db7926f6baf6cd881e47ceeba424de373bbceb3b243705bc23d61922f9cb077e

secunia-xpdf.txt

Change Mirror Download
====================================================================== 

Secunia Research 07/11/2007

- Xpdf "Stream.cc" Multiple Vulnerabilities -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

======================================================================
1) Affected Software

* Xpdf 3.02 with xpdf-3.02pl1.patch.

NOTE: Other versions may also be affected.

======================================================================
2) Severity

Rating: Highly critical
Impact: System access
Where: Remote

======================================================================
3) Vendor's Description of Software

"Xpdf is an open source viewer for Portable Document Format (PDF)
files. (These are also sometimes also called 'Acrobat' files, from the
name of Adobe's PDF software.) The Xpdf project also includes a PDF
text extractor, PDF-to-PostScript converter, and various other
utilities.".

Product Link:
http://www.foolabs.com/xpdf/

======================================================================
4) Description of Vulnerabilities

Secunia Research has discovered some vulnerabilities in Xpdf, which can
be exploited by malicious people to compromise a user's system.

1) An array indexing error within the
"DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc can be
exploited to corrupt memory via a specially crafted PDF file.

2) An integer overflow error within the "DCTStream::reset()" method in
xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow
via a specially crafted PDF file.

3) A boundary error within the "CCITTFaxStream::lookChar()" method in
xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow
by tricking a user into opening a PDF file containing a specially
crafted "CCITTFaxDecode" filter.

Successful exploitation may allow execution of arbitrary code.

======================================================================
5) Solution

Do not open untrusted PDF files.

The vendor is reportedly working on a patch.

======================================================================
6) Time Table

17/10/2007 - Vendor notified.
22/10/2007 - vendor-sec notified.
19/10/2007 - Vendor response.
07/11/2007 - Public disclosure.

======================================================================
7) Credits

Discovered by Alin Rad Pop, Secunia Research.

======================================================================
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned the
following CVE identifiers:
* CVE-2007-4352 ("DCTStream::readProgressiveDataUnit()")
* CVE-2007-5392 ("DCTStream::reset()")
* CVE-2007-5393 ("CCITTFaxStream::lookChar()")

======================================================================
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://corporate.secunia.com/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.

http://secunia.com/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:

http://corporate.secunia.com/secunia_research/33/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/secunia_vacancies/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/

======================================================================
10) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2007-88/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close