Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 200711-22 ] Poppler, KDE: User-assisted execution of arbitrary code
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Advocate
Advocate


Joined: 12 May 2004
Posts: 2663

PostPosted: Sun Nov 18, 2007 9:26 pm    Post subject: [ GLSA 200711-22 ] Poppler, KDE: User-assisted execution of Reply with quote

Gentoo Linux Security Advisory

Title: Poppler, KDE: User-assisted execution of arbitrary code (GLSA 200711-22)
Severity: normal
Exploitable: remote
Date: November 18, 2007
Bug(s): #196735, #198409
ID: 200711-22

Synopsis

Poppler and various KDE components are vulnerable to multiple memory management issues possibly resulting in the execution of arbitrary code.

Background

Poppler is a cross-platform PDF rendering library originally based on Xpdf. KOffice is an integrated office suite for KDE. KWord is the KOffice word processor. KPDF is a KDE-based PDF viewer included in the kdegraphics package.

Affected Packages

Package: app-text/poppler
Vulnerable: < 0.6.1-r1
Unaffected: >= 0.6.1-r1
Architectures: All supported architectures

Package: kde-base/kpdf
Vulnerable: < 3.5.8-r1
Unaffected: >= 3.5.7-r3 < 3.5.8
Unaffected: >= 3.5.8-r1
Architectures: All supported architectures

Package: kde-base/kdegraphics
Vulnerable: < 3.5.8-r1
Unaffected: >= 3.5.7-r3 < 3.5.8
Unaffected: >= 3.5.8-r1
Architectures: All supported architectures

Package: app-office/kword
Vulnerable: < 1.6.3-r2
Unaffected: >= 1.6.3-r2
Architectures: All supported architectures

Package: app-office/koffice
Vulnerable: < 1.6.3-r2
Unaffected: >= 1.6.3-r2
Architectures: All supported architectures


Description

Alin Rad Pop (Secunia Research) discovered several vulnerabilities in the "Stream.cc" file of Xpdf: An integer overflow in the DCTStream::reset() method and a boundary error in the CCITTFaxStream::lookChar() method, both leading to heap-based buffer overflows (CVE-2007-5392, CVE-2007-5393). He also discovered a boundary checking error in the DCTStream::readProgressiveDataUnit() method causing memory corruption (CVE-2007-4352). Note: Gentoo's version of Xpdf is patched to use the Poppler library, so the update to Poppler will also fix Xpdf.

Impact

By enticing a user to view or process a specially crafted PDF file with KWord or KPDF or a Poppler-based program such as Gentoo's viewers Xpdf, ePDFView, and Evince or the CUPS printing system, a remote attacker could cause an overflow, potentially resulting in the execution of arbitrary code with the privileges of the user running the application.

Workaround

There is no known workaround at this time.

Resolution

All Poppler users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/poppler-0.6.1-r1"
All KPDF users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kpdf-3.5.7-r3"
All KDE Graphics Libraries users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.5.7-r3"
All KWord users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/kword-1.6.3-r2"
All KOffice users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/koffice-1.6.3-r2"


References

CVE-2007-4352
CVE-2007-5392
CVE-2007-5393


Last edited by GLSA on Thu Jan 15, 2009 4:18 am; edited 2 times in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum