iDEFENSE Security Advisory 12.05.05 - Local exploitation of a heap-based buffer overflow vulnerability in xpdf, as included by multiple vendor's software distributions, could allow attackers to cause a denial of service (DoS) condition, potentially resulting in arbitrary code execution. The vulnerability specifically exists due to insufficient input validation in the DCT stream parsing code. The DCTStream::readProgressiveSOF function from xpdf/Stream.cc takes the value of numComps from user-controllable data from within the PDF file. The numComps value is used in a loop to copy data from the file into a pre-allocated buffer in the heap. iDefense has confirmed the existence of this vulnerability in xpdf 3.01. All earlier versions of xpdf are suspected vulnerable.
c6103f732bea5f0f3b3c1eccfb9724f0b4ae65ebb4bcbf19c83b3651216ae70d