[Frugalware-git] homepage-ng: FSA316-xpdf
voroskoi
voroskoi at frugalware.org
Sat Nov 17 16:44:25 CET 2007
Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=7924e6acae8ffc04b5143fbac19fa4ab0f32448a
commit 7924e6acae8ffc04b5143fbac19fa4ab0f32448a
Author: voroskoi <voroskoi at frugalware.org>
Date: Sat Nov 17 16:44:15 2007 +0100
FSA316-xpdf
diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index 272ecb7..0833ff5 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
@@ -27,6 +27,23 @@
<fsas>
<fsa>
+ <id>316</id>
+ <date>2007-11-17</date>
+ <author>voroskoi</author>
+ <package>xpdf</package>
+ <vulnerable>3.02-3</vulnerable>
+ <unaffected>3.02-4sayshell1</unaffected>
+ <bts>http://bugs.frugalware.org/task/2558</bts>
+ <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393</cve>
+ <desc>Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system.
+ 1) An array indexing error within the "DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc can be exploited to corrupt memory via a specially crafted PDF file.
+ 2) An integer overflow error within the "DCTStream::reset()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.
+ 3) A boundary error within the "CCITTFaxStream::lookChar()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow by tricking a user into opening a PDF file containing a specially crafted "CCITTFaxDecode" filter.
+ Successful exploitation allows execution of arbitrary code.</desc>
+ </fsa>
+ <fsa>
<id>315</id>
<date>2007-11-12</date>
<author>vmiklos</author>
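Review bot: the three URLs in the new <cve> element are not tied to the numbered items 1) to 3) in <desc>, so a reader cannot tell which identifier covers the DCTStream::readProgressiveDataUnit() indexing error, the DCTStream::reset() integer overflow or the CCITTFaxStream::lookChar() boundary error. Consider appending the matching CVE id to each numbered item. The <cve> value also spans three lines inside a single element, so it is worth confirming that whatever renders security.xml splits it on whitespace instead of treating it as one link.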