xpdf

• Author: Miklos Vajna
• Vulnerable: 3.02-6
• Unaffected: 3.02-7mores1

Some vulnerabilities have been reported in Xpdf, which can be exploited by malicious people to potentially compromise a user’s system.

1. Multiple integer overflows in “SplashBitmap::SplashBitmap()” can be exploited to cause heap-based buffer overflows.
2. An integer overflow error in “ObjectStream::ObjectStream()” can be exploited to cause a heap-based buffer overflow.
3. Multiple integer overflows in “Splash::drawImage()” can be exploited to cause heap-based buffer overflows.
4. An integer overflow error in “PSOutputDev::doImageL1Sep()” can be exploited to cause a heap-based buffer overflow when converting a PDF document to a PS file. Successful exploitation of the vulnerabilities may allow execution of arbitrary code by tricking a user into opening a specially crafted PDF file.

• Bug Tracker URL: http://bugs.frugalware.org/task/4236

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1188
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3603
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609