Debian Security Advisory 1537-1 - Alin Rad Pop (Secunia) discovered a number of vulnerabilities in xpdf, a set of tools for display and conversion of Portable Document Format (PDF) files.
a2b802b314090bc3787a75eb0ebdd17fcb5b1e6f2c714ca4a4c46aa2b2d26bd4Debian Security Advisory 1509-1 - Several vulnerabilities have been discovered in xpdf code that is embedded in koffice, an integrated office suite for KDE. These flaws could allow an attacker to execute arbitrary code by inducing the user to import a specially crafted PDF document.
3cafc58955e44606c4813c3f8ab000b29bd0094c0bcea45a7d1e932a6b8daecfDebian Security Advisory 1480-1 - Alin Rad Pop discovered several buffer overflows in the Poppler PDF library, which could allow the execution of arbitrary code if a malformed PDF file is opened.
351f35d4a89cf79f04f78425068edefe418915d70daa17fd52690d59d2bf1972Mandriva Linux Security Advisory - A flaw in the t1lib library where an attacker could create a malicious file that would cause tetex to crash or possibly execute arbitrary code when opened. Alin Rad Pop found several flaws in how PDF files are handled in tetex. An attacker could create a malicious PDF file that would cause tetex to crash or potentially execute arbitrary code when opened. A stack-based buffer overflow in dvips in tetex allows for user-assisted attackers to execute arbitrary code via a DVI file with a long href tag. A vulnerability in dvips in tetex allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place. Multiple buffer overflows in dviljk in tetext may allow users-assisted attackers to execute arbitrary code via a crafted DVI input file.
0f991775c30cb8dd149ffa43aa740074474f1908da8c8544dd63843d28effc58Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in cups. An attacker could create a malicious PDF file that would cause cups to crash or potentially execute arbitrary code when opened.
26f792baa8eac68c8351e87ce1a11aa8ddc0a8dc5454c7e57a98ebcc1aa8bbb4Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in poppler. An attacker could create a malicious PDF file that would cause poppler to crash or potentially execute arbitrary code when opened.
825fff34785109cf16b4ef4d19fe2069bdac7502d154d456862ff55a09f80ac0Gentoo Linux Security Advisory GLSA 200711-22 - Alin Rad Pop (Secunia Research) discovered several vulnerabilities in the Stream.cc file of Xpdf: An integer overflow in the DCTStream::reset() method and a boundary error in the CCITTFaxStream::lookChar() method, both leading to heap-based buffer overflows. He also discovered a boundary checking error in the DCTStream::readProgressiveDataUnit() method causing memory corruption. Note: Gentoo's version of Xpdf is patched to use the Poppler library, so the update to Poppler will also fix Xpdf. Versions less than 0.6.1-r1 are affected.
5f52b9f84d9302e6e300d1d2e51875e562148246b4abd18aa941c15e42413c79Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in pdftohtml. An attacker could create a malicious PDF file that would cause pdftohtml to crash or potentially execute arbitrary code when opened.
4d617075810c4ec96a79a14e5d07d775f7c1b109e1d2b61860085c913b9cadd8Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in koffice. An attacker could create a malicious PDF file that would cause koffice to crash or potentially execute arbitrary code when opened.
00011fc59b752c2ff881ecce8c41355af5d2a961ea20a553f7f3c7603cf84abfMandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in kpdf. An attacker could create a malicious PDF file that would cause kpdf to crash or potentially execute arbitrary code when opened.
5892f55d39db5175066b50606277442cbd55457c7ece2f3dc989861b04e657c6Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in gpdf. An attacker could create a malicious PDF file that would cause gpdf to crash or potentially execute arbitrary code when opened.
8a28188238054dc22c3e3b02e4cec0465ebabb7e550bbba1425252d618648e2cMandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in xpdf. An attacker could create a malicious PDF file that would cause xpdf to crash or potentially execute arbitrary code when opened.
99546d27939433796467df61148f5135aec855b704c2ef4efc6f14747d7f224cUbuntu Security Notice 542-2 - USN-542-1 fixed a vulnerability in poppler. This update provides the corresponding updates for KWord, part of KOffice. Secunia Research discovered several vulnerabilities in poppler. If a user were tricked into loading a specially crafted PDF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges in applications linked against poppler.
e9318627f214f231de15eea94149771dd037cc830d63ac842e1656b9659673a3SUSE Security Announcement - Secunia Research reported three security bugs in xpdf. The first problem occurs while indexing an array in DCTStream:: readProgressiveDataUnit(). Another method in the same class named reset() is vulnerable to an integer overflow which leads to an overflow on the heap. The last bug also causes an overflow on the heap but this time in method lookChar() of class CCITTFaxStream.
5f88e680d2da9bf0a5cf06f3bcdfb825ad1ada6a02114a0c38c121fd3358df12Ubuntu Security Notice 542-1 - Secunia Research discovered several vulnerabilities in poppler. If a user were tricked into loading a specially crafted PDF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges in applications linked against poppler.
de02dcf4b1c56547ae229931ba3e629be0c36f1b5a080791408fb775db6cacc1Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system. An array indexing error, integer overflow, and boundary error all exist. Xpdf version 3.02 with the xpdf-3.02pl1.patch is affected.
db7926f6baf6cd881e47ceeba424de373bbceb3b243705bc23d61922f9cb077e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed