CVE-2004-1125
CVSS 9.3
Published: 2005-01-10 00:00:00
Last revised: 2016-10-17 22:51:25

[Original] Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.


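[CNNVD] xpdf Gfx.c Buffer Overflow Vulnerability (CNNVD-200501-135)

        Xpdf is an open-source program for viewing PDF files.
        The Gfx::doImage() function in the file Gfx.cc in Xpdf 3.00 contains a buffer overflow vulnerability. Several products that use this software (such as tetex-bin/kpdf in KDE) are affected as well.
        Because the loop bound in Gfx::doImage() can exceed the size of the storage buffer, filling the maskColors array can overwrite local variables and other stack memory. With a carefully crafted PDF file, an attacker can execute arbitrary instructions.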

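- CVSS (Base Score)

CVSS score: 9.3 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may render the system completely unavailable]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: NETWORK [the attacker does not need internal-network or local access]
Authentication: NONE [exploitation requires no authentication]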

- CWE (Weakness Category)

CWE-20 [Improper Input Validation]

- CPE (Affected Platforms and Products)

cpe:/a:easy_software_products:cups:1.1.20
cpe:/a:xpdf:xpdf:3.0
cpe:/o:kde:kde:3.2.3
cpe:/o:kde:kde:3.3.2

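- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:10830
Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3...
*OVAL describes in detail how to detect this vulnerability; further technical details on detecting it can be found in the related OVAL definitions.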

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1125
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1125
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-135
(Official data source) CNNVD

- Other Links and Resources

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch
(UNKNOWN)  CONFIRM  ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt
(UNKNOWN)  SCO  SCOSA-2005.42
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921
(UNKNOWN)  CONECTIVA  CLA-2005:921
http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030241.html
(UNKNOWN)  FULLDISC  20041223 [USN-48-1] xpdf, tetex-bin vulnerabilities
http://marc.info/?t=110378596500001&r=1&w=2
(UNKNOWN)  BUGTRAQ  20041228 KDE Security Advisory: kpdf Buffer Overflow Vulnerability
http://securitytracker.com/id?1012646
(UNKNOWN)  SECTRACK  1012646
http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml
(UNKNOWN)  GENTOO  GLSA-200412-25
http://www.gentoo.org/security/en/glsa/glsa-200501-13.xml
(UNKNOWN)  GENTOO  GLSA-200501-13
http://www.gentoo.org/security/en/glsa/glsa-200501-17.xml
(UNKNOWN)  GENTOO  GLSA-200501-17
http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities
(UNKNOWN)  IDEFENSE  20041221 Multiple Vendor xpdf PDF Viewer Buffer Overflow Vulnerability
http://www.kde.org/info/security/advisory-20041223-1.txt
(UNKNOWN)  CONFIRM  http://www.kde.org/info/security/advisory-20041223-1.txt
http://www.novell.com/linux/security/advisories/2005_01_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2005:001
http://www.redhat.com/support/errata/RHSA-2005-013.html
(UNKNOWN)  REDHAT  RHSA-2005:013
http://www.redhat.com/support/errata/RHSA-2005-018.html
(UNKNOWN)  REDHAT  RHSA-2005:018
http://www.redhat.com/support/errata/RHSA-2005-026.html
(UNKNOWN)  REDHAT  RHSA-2005:026
http://www.redhat.com/support/errata/RHSA-2005-034.html
(UNKNOWN)  REDHAT  RHSA-2005:034
http://www.redhat.com/support/errata/RHSA-2005-053.html
(UNKNOWN)  REDHAT  RHSA-2005:053
http://www.redhat.com/support/errata/RHSA-2005-057.html
(UNKNOWN)  REDHAT  RHSA-2005:057
http://www.redhat.com/support/errata/RHSA-2005-066.html
(UNKNOWN)  REDHAT  RHSA-2005:066
http://www.redhat.com/support/errata/RHSA-2005-354.html
(UNKNOWN)  REDHAT  RHSA-2005:354
http://www.securityfocus.com/bid/12070
(VENDOR_ADVISORY)  BID  12070
http://www.ubuntulinux.org/support/documentation/usn/usn-50-1
(UNKNOWN)  UBUNTU  USN-50-1
http://xforce.iss.net/xforce/xfdb/18641
(UNKNOWN)  XF  xpdf-gfx-doimage-bo(18641)
https://bugzilla.fedora.us/show_bug.cgi?id=2352
(UNKNOWN)  FEDORA  FLSA:2352
https://bugzilla.fedora.us/show_bug.cgi?id=2353
(UNKNOWN)  FEDORA  FLSA:2353

- Vulnerability Information

xpdf Gfx.c Buffer Overflow Vulnerability
High risk  Buffer overflow
2005-01-10 00:00:00 2006-03-28 00:00:00
Remote

- Advisories and Patches

        The vendor has released an upgrade patch that fixes this security issue. The patch is available at:
        http://www.foolabs.com/xpdf/download.html

- Vulnerability Information (F35507)

KDE Security Advisory 2004-12-23.1 (PacketStormID:F35507)
2004-12-31 00:00:00
KDE Desktop  kde.org
advisory,overflow
CVE-2004-1125

KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a buffer overflow that can be triggered by a specially crafted PDF file.



KDE Security Advisory: kpdf Buffer Overflow Vulnerability
Original Release Date: 2004-12-23
URL: http://www.kde.org/info/security/advisory-20041223-1.txt

0. References

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
        http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities


1. Systems affected:

        KDE 3.2 up to and including KDE 3.2.3.
        KDE 3.3 up to and including KDE 3.3.2.


2. Overview:

        kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
        a buffer overflow that can be triggered by a specially 
        crafted PDF file.


3. Impact:

        Remotely supplied pdf files can be used to execute arbitrary
        code on the client machine.


4. Solution:

        Source code patches have been made available which fix these
        vulnerabilities. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.


5. Patch:

        Patch for KDE 3.2.3 is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :

        6f345c4b89f0bc27522f5d62bfd941cd  post-3.2.3-kdegraphics-2.diff

        Patch for KDE 3.3.2 is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :

        0ac92868d3b84284e54877e32cde521f  post-3.3.2-kdegraphics.diff


6. Time line and credits:

        21/12/2004 KDE Security Team alerted by Matthias Geerdsen
        22/12/2004 Patch from xpdf 3.00pl2 applied to KDE CVS and patches
                   prepared.
        23/12/2004 Public disclosure.


    

- Vulnerability Information (F35470)

iDEFENSE Security Advisory 2004-12-21.t (PacketStormID:F35470)
2004-12-31 00:00:00
iDefense Labs  idefense.com
advisory,remote,overflow,arbitrary
linux
CVE-2004-1125

iDEFENSE Security Advisory 12.21.2004 - Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer, as included in multiple Linux distributions, could allow attackers to execute arbitrary code as the user viewing a PDF file. The offending code can be found in the Gfx::doImage() function in the source file xpdf/Gfx.cc.

Multiple Vendor xpdf PDF Viewer Buffer Overflow Vulnerability 

iDEFENSE Security Advisory 12.21.04
www.idefense.com/application/poi/display?id=172&type=vulnerabilities
December 21, 2004

I. BACKGROUND

Xpdf is an open-source viewer for Portable Document Format (PDF) files.

II. DESCRIPTION

Remote exploitation of a buffer overflow vulnerability in the xpdf PDF 
viewer, as included in multiple Linux distributions, could allow 
attackers to execute arbitrary code as the user viewing a PDF file. The 
offending code can be found in the Gfx::doImage() function in the source
file xpdf/Gfx.cc. 

void Gfx::doImage(Object *ref, Stream *str, GBool inlineImg) {
  Dict *dict;
  int width, height;
  int bits;
  GBool mask;
  GBool invert;
  GfxColorSpace *colorSpace;
  GfxImageColorMap *colorMap;
  Object maskObj;
  GBool haveMask;
  int maskColors[2*gfxColorMaxComps];
  Object obj1, obj2;
  int i;

  ...
    // get the mask
    haveMask = gFalse;
    dict->lookup("Mask", &maskObj);
    if (maskObj.isArray()) {
      for (i = 0; i < maskObj.arrayGetLength(); ++i) {
        maskObj.arrayGet(i, &obj1);
[!]     maskColors[i] = obj1.getInt();
        obj1.free();
      }
      haveMask = gTrue;
    }
  ...
}


Due to the fact that the loop boundaries are not less than the storage 
area, the maskColors array is eventually filled up. After that, local 
variables and other stack memory are overwritten. This ultimately leads 
to control of program flow and arbitrary code execution.

III. ANALYSIS

The severity of this issue is mitigated by the fact that several of the 
local overwritten variables in doImage() are referenced prior to EIP 
being restored; therefore, before the attack gains control of the target
process. However, an attacker with knowledge of the remote operating 
system can construct and validate a malicious payload before attempting 
exploitation, thus increasing the chances of success. An attacker must 
convince a target user to open the malicious file to exploit this 
vulnerability.

IV. DETECTION

iDEFENSE has confirmed the existence of this vulnerability in version 
3.00 of xpdf. It is suspected previous versions are also vulnerable. 

The following Linux distributions are affected by this vulnerability:

	SUSE Linux 
	Redhat Linux 
	Fedora Linux 
	Debian Linux 
	Gentoo Linux 
	FreeBSD (ports) 
	OpenBSD 

V. WORKAROUND

Only open PDF files from trusted individuals.

VI. VENDOR RESPONSE

A patch to address this vulnerability is available from:

    ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch

Updated binaries (version 3.00pl2) are available from:

    http://www.foolabs.com/xpdf/download.html

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
names CAN-2004-1125 to these issues. This is a candidate for inclusion
in the CVE list (http://cve.mitre.org), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

11/23/2004  Initial vendor notification
11/29/2004  Initial vendor response
12/21/2004  Coordinated public disclosure

IX. CREDIT

The discoverer of this vulnerability wishes to remain anonymous.

Get paid for vulnerability research
http://www.idefense.com/poi/teams/vcp.jsp

X. LEGAL NOTICES

Copyright (c) 2004 iDEFENSE, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDEFENSE. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically, please
email customerservice@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on,
this information.


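A bounded version of the mask-parsing loop shown in the iDEFENSE excerpt, as an added example (not code from xpdf, the xpdf-3.00pl2 patch or the advisory). `PdfObj`, `ColorKeyMask`, `parseColorKeyMask` and the value of `kMaxComps` are assumptions made for illustration; checking the length against the component count goes beyond what the advisory states and relies on a colour-key mask holding one min/max pair per colour component.

```cpp
#include <cstddef>
#include <vector>

// Assumed stand-in for xpdf's gfxColorMaxComps; the value is illustrative.
constexpr std::size_t kMaxComps = 32;

// Hypothetical minimal model of one parsed PDF array element.
struct PdfObj {
    bool isInt;   // false stands in for any non-integer object
    int  value;
};

struct ColorKeyMask {
    int ranges[2 * kMaxComps];   // same shape as maskColors in the excerpt
    std::size_t used;            // number of valid entries in ranges
};

// Bounded version of the mask loop: the length taken from the file is
// validated against the destination before any element is written.
// Returns false (and leaves out->used == 0) for an array that must be ignored.
bool parseColorKeyMask(const std::vector<PdfObj>& maskArr,
                       std::size_t nComps, ColorKeyMask* out) {
    out->used = 0;
    if (nComps == 0 || nComps > kMaxComps) return false;
    // A colour-key mask carries one [min max] pair per colour component.
    if (maskArr.size() != 2 * nComps) return false;
    for (std::size_t i = 0; i < maskArr.size(); ++i) {
        if (!maskArr[i].isInt) return false;      // reject non-integer entries
        out->ranges[i] = maskArr[i].value;        // i < 2*nComps <= capacity
    }
    out->used = maskArr.size();
    return true;
}

// Constructed input: a well-formed mask for a 3-component image.
bool demoAcceptsRgb() {
    std::vector<PdfObj> rgb = {{true, 0}, {true, 10}, {true, 0},
                               {true, 10}, {true, 0}, {true, 10}};
    ColorKeyMask m;
    return parseColorKeyMask(rgb, 3, &m) && m.used == 6 && m.ranges[1] == 10;
}

// Constructed input: more entries than the fixed buffer holds, which is the
// condition the advisory describes. Every component count must reject it.
bool demoRejectsOversized() {
    std::vector<PdfObj> big(2 * kMaxComps + 8, PdfObj{true, 255});
    ColorKeyMask m;
    return !parseColorKeyMask(big, 3, &m) &&
           !parseColorKeyMask(big, kMaxComps, &m) &&
           !parseColorKeyMask(big, kMaxComps + 4, &m) && m.used == 0;
}

int main() {
    return (demoAcceptsRgb() && demoRejectsOversized()) ? 0 : 1;
}
```

The length test runs before the loop, so a rejected array never reaches the write to `ranges[i]`.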
    

- Vulnerability Information

12554
Multiple Vendor pdf Gfx::doImage() Function Overflow
Input Manipulation
Loss of Integrity
Vendor Verified, Coordinated Disclosure

- Vulnerability Description

- Timeline

2004-12-21 2004-11-23
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, vendors have released a patch to address this vulnerability.

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

XPDF DoImage Remote Buffer Overflow Vulnerability
Boundary Condition Error 12070
Yes No
2004-12-21 12:00:00 2006-11-30 04:45:00
This issue was discovered by an anonymous researcher.

- Affected Software Versions

Xpdf Xpdf 3.0 0
Xpdf Xpdf 2.0 3
Xpdf Xpdf 2.0 2
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
Xpdf Xpdf 2.0 1
Xpdf Xpdf 2.0
Xpdf Xpdf 1.0 1
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
teTeX teTeX 2.0.2
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ rPath rPath Linux 1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
teTeX teTeX 1.0.7
teTeX teTeX 1.0.6
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ Red Hat Linux 6.2
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
SGI ProPack 3.0
SCO Open Server 6.0
SCO Open Server 5.0.7
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
S.u.S.E. Linux 7.3 sparc
S.u.S.E. Linux 7.3 ppc
S.u.S.E. Linux 7.3 i386
S.u.S.E. Linux 7.3
S.u.S.E. Linux 7.2 i386
S.u.S.E. Linux 7.2
S.u.S.E. Linux 7.1 x86
S.u.S.E. Linux 7.1 sparc
S.u.S.E. Linux 7.1 ppc
S.u.S.E. Linux 7.1 alpha
S.u.S.E. Linux 7.1
S.u.S.E. Linux 7.0 sparc
S.u.S.E. Linux 7.0 ppc
S.u.S.E. Linux 7.0 i386
S.u.S.E. Linux 7.0 alpha
S.u.S.E. Linux 7.0
S.u.S.E. Linux 6.4 ppc
S.u.S.E. Linux 6.4 i386
S.u.S.E. Linux 6.4 alpha
S.u.S.E. Linux 6.4
S.u.S.E. Linux 6.3 ppc
S.u.S.E. Linux 6.3 alpha
S.u.S.E. Linux 6.3
S.u.S.E. Linux 6.2
S.u.S.E. Linux 6.1 alpha
S.u.S.E. Linux 6.1
S.u.S.E. Linux 6.0
S.u.S.E. Linux 5.3
S.u.S.E. Linux 5.2
S.u.S.E. Linux 5.1
S.u.S.E. Linux 5.0
S.u.S.E. Linux 4.4.1
S.u.S.E. Linux 4.4
S.u.S.E. Linux 4.3
S.u.S.E. Linux 4.2
S.u.S.E. Linux 4.0
S.u.S.E. Linux 3.0
S.u.S.E. Linux 2.0
S.u.S.E. Linux 1.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Desktop 4.0
RedHat Desktop 3.0
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
PDFTOHTML PDFTOHTML 0.36
+ Gentoo Linux
PDFTOHTML PDFTOHTML 0.35
PDFTOHTML PDFTOHTML 0.34
PDFTOHTML PDFTOHTML 0.33 a
PDFTOHTML PDFTOHTML 0.33
PDFTOHTML PDFTOHTML 0.32 b
PDFTOHTML PDFTOHTML 0.32 a
KDE KOffice 1.3.4
KDE KOffice 1.3.3
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
KDE KOffice 1.3.2
KDE KOffice 1.3.1
KDE KOffice 1.3
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
KDE kdegraphics 3.2
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
KDE KDE 3.3.2
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
KDE KDE 3.2.3
GNOME GPdf 0.132
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
GNOME GPdf 0.131
GNOME GPdf 0.112
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
GNOME GPdf 0.110
+ Red Hat Fedora Core1
Gentoo Linux
Easy Software Products CUPS 1.1.21
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
Easy Software Products CUPS 1.1.20
+ ALT Linux ALT Linux Compact 2.3
+ ALT Linux ALT Linux Junior 2.3
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ MandrakeSoft apcupsd 2006.0
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ S.u.S.E. Linux Personal 9.1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Easy Software Products CUPS 1.1.19 rc5
Easy Software Products CUPS 1.1.19
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Turbolinux Appliance Server 1.0 Workgroup Edition
+ Turbolinux Appliance Server 1.0 Hosting Edition
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Home
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Workstation 8.0
Easy Software Products CUPS 1.1.18
+ Conectiva Linux 9.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux Personal 8.2
Easy Software Products CUPS 1.1.17
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
Easy Software Products CUPS 1.1.16
+ Mandriva Linux Mandrake 9.0
Easy Software Products CUPS 1.1.15
Easy Software Products CUPS 1.1.14
+ Conectiva Linux 8.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
Easy Software Products CUPS 1.1.13
Easy Software Products CUPS 1.1.12
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
Easy Software Products CUPS 1.1.10
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
CSTeX cstetex 2.0.2
Conectiva Linux 10.0
Conectiva Linux 9.0
Avaya Network Routing
Avaya Integrated Management
Avaya CVLAN
ASCII pTeX 3.1.4
Xpdf Xpdf 3.0 pl2

- Unaffected Software Versions

Xpdf Xpdf 3.0 pl2

- Vulnerability Discussion

The xpdf utility is reported prone to a remote buffer-overflow vulnerability. This issue exists because the application fails to perform proper boundary checks before copying user-supplied data into process buffers. A remote attacker may execute arbitrary code in the context of a user running the application. As a result, the attacker can gain unauthorized access to the vulnerable computer.

An attacker can exploit this issue by enticing a vulnerable user to open a malformed PDF file. If the application is configured as the default handler for PDF files, this could present a viable web or email attack vector, because when the PDF is clicked from an appropriate client application, xpdf will automatically be invoked.

This issue is reported to affect xpdf 3.00, but earlier versions are likely prone to this vulnerability as well. Applications using embedded xpdf code may be vulnerable to these issues as well.

- Exploit


Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution


xpdf-3.00pl2 is available to address this issue.

Please see the referenced advisories for more information.


GNOME GPdf 0.110

GNOME GPdf 0.112

GNOME GPdf 0.132

PDFTOHTML PDFTOHTML 0.35

PDFTOHTML PDFTOHTML 0.36

Xpdf Xpdf 1.0 1

Easy Software Products CUPS 1.1.14

Easy Software Products CUPS 1.1.16

Easy Software Products CUPS 1.1.17

Easy Software Products CUPS 1.1.18

Easy Software Products CUPS 1.1.19

Easy Software Products CUPS 1.1.20

Easy Software Products CUPS 1.1.21

KDE KOffice 1.3

KDE KOffice 1.3.3
