[Frugalware-git] homepage-ng: FSA316-xpdf

voroskoi voroskoi at frugalware.org
Sat Nov 17 16:44:25 CET 2007


Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=7924e6acae8ffc04b5143fbac19fa4ab0f32448a

commit 7924e6acae8ffc04b5143fbac19fa4ab0f32448a
Author: voroskoi <voroskoi at frugalware.org>
Date:   Sat Nov 17 16:44:15 2007 +0100

FSA316-xpdf

diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index 272ecb7..0833ff5 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
@@ -27,6 +27,23 @@

<fsas>
<fsa>
+		<id>316</id>
+		<date>2007-11-17</date>
+		<author>voroskoi</author>
+		<package>xpdf</package>
+		<vulnerable>3.02-3</vulnerable>
+		<unaffected>3.02-4sayshell1</unaffected>
+		<bts>http://bugs.frugalware.org/task/2558</bts>
+		<cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
+			http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
+			http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393</cve>
+		<desc>Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system.
+			1) An array indexing error within the "DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc can be exploited to corrupt memory via a specially crafted PDF file.
+			2) An integer overflow error within the "DCTStream::reset()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.
+			3) A boundary error within the "CCITTFaxStream::lookChar()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow by tricking a user into opening a PDF file containing a specially crafted "CCITTFaxDecode" filter.
+			Successful exploitation allows execution of arbitrary code.</desc>
+	</fsa>
+	<fsa>
<id>315</id>
<date>2007-11-12</date>
<author>vmiklos</author>
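Review bot: In the added <desc> for FSA 316, the numbered items 1) to 3) are not tied to the three URLs in <cve>, so a reader cannot tell which CVE covers which xpdf/Stream.cc method without opening each link. Consider ending each item with its CVE id. Separately, <cve> holds three URLs in one element, separated only by a newline and tabs, so whatever renders security.xml has to split that value on whitespace. If the schema permits it, one <cve> element per URL would be less fragile.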

