Issue 101156 - xpdf security-buggy
Summary: xpdf security-buggy
Status: CLOSED FIXED
Alias: None
Product: extensions
Classification: Extensions
Component: pdfimport
Version: current
Hardware: Other All
Importance: P2 Trivial
Target Milestone: ---
Assignee: wolframgarten
QA Contact: wolframgarten
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-04-17 12:29 UTC by rene
Modified: 2009-04-29 14:34 UTC
CC List: 4 users

See Also:
Issue Type: DEFECT
Latest Confirmation in: ---
Developer Difficulty: ---


Description rene 2009-04-17 12:29:26 UTC
[ afais also in 3.1 ]

http://rhn.redhat.com/errata/RHSA-2009-0430.html

--- snip ---
Multiple integer overflow flaws were found in Xpdf's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause Xpdf to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0147,
CVE-2009-1179)

Multiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause Xpdf to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0146,
CVE-2009-1182)

Multiple flaws were found in Xpdf's JBIG2 decoder that could lead to the
freeing of arbitrary memory. An attacker could create a malicious PDF file
that would cause Xpdf to crash or, potentially, execute arbitrary code when
opened. (CVE-2009-0166, CVE-2009-1180)

Multiple input validation flaws were found in Xpdf's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause Xpdf to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0800)

Multiple denial of service flaws were found in Xpdf's JBIG2 decoder. An
attacker could create a malicious PDF that would cause Xpdf to crash when
opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)
--- snip ---
Comment 1 Martin Hollmichel 2009-04-22 14:06:04 UTC
change component
Comment 2 philipp.lohmann 2009-04-22 14:58:46 UTC
.
Comment 3 philipp.lohmann 2009-04-22 19:34:27 UTC
brought xpdf up to 3.02pl3 including the JBIG changes (see
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl3.patch)
Comment 4 philipp.lohmann 2009-04-22 19:46:17 UTC
please verify in CWS rnwinr01
Comment 5 wolframgarten 2009-04-23 09:36:25 UTC
Verified in CWS.
Comment 6 wolframgarten 2009-04-29 14:34:51 UTC
Closed.