CVE-2005-3193
CVSS5.1
发布时间 :2005-12-06 19:03:00
修订时间 :2016-11-18 21:59:29
NMCOPS    

[原文]Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.


[CNNVD]多家厂商xpdf JPX流阅读器堆溢出漏洞(CNNVD-200512-111)

        Xpdf是便携文档格式(PDF)文件的开放源码浏览器。
        多家厂商软件版本所捆绑的xpdf中存在堆溢出漏洞。用于解码嵌入JPEG 2000图形的JPX流解析代码没有充分的验证用户输入。xpdf/JPXStream.cc的JPXStream::readCodestream函数中存在基于堆缓冲区溢出漏洞,从PDF文件的用户可控数据读取nXTiles的值,然后在gmallocn()调用中使用nXTiles和nYTiles值,提供给nXTiles和nYTiles的过大值会破坏堆内存,导致拒绝服务或执行任意代码。

- CVSS (基础分值)

CVSS分值: 5.1 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CWE (弱点类目)

CWE-119 [内存缓冲区边界内操作的限制不恰当]

- CPE (受影响的平台与产品)

cpe:/a:xpdf:xpdf:0.92
cpe:/a:xpdf:xpdf:0.91
cpe:/a:xpdf:xpdf:3.0.1
cpe:/a:xpdf:xpdf:0.90
cpe:/a:xpdf:xpdf:3.0_pl3
cpe:/a:xpdf:xpdf:3.0_pl2
cpe:/a:xpdf:xpdf:1.0
cpe:/a:xpdf:xpdf:1.0a
cpe:/a:xpdf:xpdf:0.93
cpe:/a:xpdf:xpdf:2.1
cpe:/a:xpdf:xpdf:3.0
cpe:/a:xpdf:xpdf:1.1
cpe:/a:xpdf:xpdf:2.0
cpe:/a:xpdf:xpdf:2.3
cpe:/a:xpdf:xpdf:2.2

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:11440Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier,...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3193
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200512-111
(官方数据源) CNNVD

- 其它链接及资源

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt
(UNKNOWN)  SCO  SCOSA-2006.15
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.20/SCOSA-2006.20.txt
(UNKNOWN)  SCO  SCOSA-2006.20
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.21/SCOSA-2006.21.txt
(UNKNOWN)  SCO  SCOSA-2006.21
ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U
(UNKNOWN)  SGI  20051201-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
(UNKNOWN)  SGI  20060101-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
(UNKNOWN)  SGI  20060201-01-U
http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html
(UNKNOWN)  SUSE  SUSE-SA:2006:001
http://rhn.redhat.com/errata/RHSA-2005-868.html
(UNKNOWN)  REDHAT  RHSA-2005:868
http://securityreason.com/securityalert/236
(UNKNOWN)  SREASON  236
http://securitytracker.com/id?1015309
(UNKNOWN)  SECTRACK  1015309
http://securitytracker.com/id?1015324
(UNKNOWN)  SECTRACK  1015324
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683
(UNKNOWN)  SLACKWARE  SSA:2006-045-09
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747
(UNKNOWN)  SLACKWARE  SSA:2006-045-04
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
(UNKNOWN)  SUNALERT  102972
http://www.debian.org/security/2005/dsa-931
(UNKNOWN)  DEBIAN  DSA-931
http://www.debian.org/security/2005/dsa-932
(UNKNOWN)  DEBIAN  DSA-932
http://www.debian.org/security/2005/dsa-937
(UNKNOWN)  DEBIAN  DSA-937
http://www.debian.org/security/2005/dsa-938
(UNKNOWN)  DEBIAN  DSA-938
http://www.debian.org/security/2005/dsa-940
(UNKNOWN)  DEBIAN  DSA-940
http://www.debian.org/security/2006/dsa-936
(UNKNOWN)  DEBIAN  DSA-936
http://www.debian.org/security/2006/dsa-950
(UNKNOWN)  DEBIAN  DSA-950
http://www.debian.org/security/2006/dsa-961
(UNKNOWN)  DEBIAN  DSA-961
http://www.debian.org/security/2006/dsa-962
(UNKNOWN)  DEBIAN  DSA-962
http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml
(UNKNOWN)  GENTOO  GLSA-200512-08
http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml
(UNKNOWN)  GENTOO  GLSA-200601-02
http://www.gentoo.org/security/en/glsa/glsa-200603-02.xml
(UNKNOWN)  GENTOO  GLSA-200603-02
http://www.idefense.com/application/poi/display?id=345&type=vulnerabilities&flashstatus=true
(VENDOR_ADVISORY)  IDEFENSE  20051205 Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability
http://www.kde.org/info/security/advisory-20051207-1.txt
(UNKNOWN)  CONFIRM  http://www.kde.org/info/security/advisory-20051207-1.txt
http://www.kde.org/info/security/advisory-20051207-2.txt
(UNKNOWN)  CONFIRM  http://www.kde.org/info/security/advisory-20051207-2.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2006:003
(UNKNOWN)  MANDRIVA  MDKSA-2006:003
http://www.mandriva.com/security/advisories?name=MDKSA-2006:004
(UNKNOWN)  MANDRIVA  MDKSA-2006:004
http://www.mandriva.com/security/advisories?name=MDKSA-2006:005
(UNKNOWN)  MANDRIVA  MDKSA-2006:005
http://www.mandriva.com/security/advisories?name=MDKSA-2006:006
(UNKNOWN)  MANDRIVA  MDKSA-2006:006
http://www.mandriva.com/security/advisories?name=MDKSA-2006:008
(UNKNOWN)  MANDRIVA  MDKSA-2006:008
http://www.mandriva.com/security/advisories?name=MDKSA-2006:011
(UNKNOWN)  MANDRIVA  MDKSA-2006:011
http://www.mandriva.com/security/advisories?name=MDKSA-2006:012
(UNKNOWN)  MANDRIVA  MDKSA-2006:012
http://www.novell.com/linux/security/advisories/2005_29_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2005:029
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00014.html
(UNKNOWN)  FEDORA  FEDORA-2005-1125
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00015.html
(UNKNOWN)  FEDORA  FEDORA-2005-1126
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00016.html
(UNKNOWN)  FEDORA  FEDORA-2005-1127
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00036.html
(UNKNOWN)  FEDORA  FEDORA-2005-1141
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00037.html
(UNKNOWN)  FEDORA  FEDORA-2005-1142
http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00073.html
(UNKNOWN)  FEDORA  FEDORA-2005-1132
http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00043.html
(UNKNOWN)  CONFIRM  http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00043.html
http://www.redhat.com/support/errata/RHSA-2005-840.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:840
http://www.redhat.com/support/errata/RHSA-2005-867.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:867
http://www.redhat.com/support/errata/RHSA-2005-878.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:878
http://www.redhat.com/support/errata/RHSA-2006-0160.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2006:0160
http://www.securityfocus.com/archive/1/archive/1/418883/100/0/threaded
(UNKNOWN)  BUGTRAQ  20051207 [KDE Security Advisory] multiple buffer overflows in kpdf/koffice
http://www.securityfocus.com/archive/1/archive/1/427053/100/0/threaded
(UNKNOWN)  FEDORA  FLSA-2006:176751
http://www.securityfocus.com/archive/1/archive/1/427990/100/0/threaded
(UNKNOWN)  FEDORA  FLSA:175404
http://www.securityfocus.com/bid/15721
(UNKNOWN)  BID  15721
http://www.trustix.org/errata/2005/0072/
(UNKNOWN)  TRUSTIX  TSLSA-2005-0072
http://www.ubuntulinux.org/usn/usn-227-1
(UNKNOWN)  UBUNTU  USN-227-1
http://www.vupen.com/english/advisories/2005/2787
(UNKNOWN)  VUPEN  ADV-2005-2787
http://www.vupen.com/english/advisories/2005/2789
(UNKNOWN)  VUPEN  ADV-2005-2789
http://www.vupen.com/english/advisories/2005/2790
(UNKNOWN)  VUPEN  ADV-2005-2790
http://www.vupen.com/english/advisories/2005/2856
(UNKNOWN)  VUPEN  ADV-2005-2856
http://www.vupen.com/english/advisories/2007/2280
(UNKNOWN)  VUPEN  ADV-2007-2280
http://xforce.iss.net/xforce/xfdb/23441
(UNKNOWN)  XF  xpdf-jpx-stream-bo(23441)
https://issues.rpath.com/browse/RPL-1609
(UNKNOWN)  CONFIRM  https://issues.rpath.com/browse/RPL-1609

- 漏洞信息

多家厂商xpdf JPX流阅读器堆溢出漏洞
中危 缓冲区溢出
2005-12-06 00:00:00 2012-12-26 00:00:00
远程  
        Xpdf是便携文档格式(PDF)文件的开放源码浏览器。
        多家厂商软件版本所捆绑的xpdf中存在堆溢出漏洞。用于解码嵌入JPEG 2000图形的JPX流解析代码没有充分的验证用户输入。xpdf/JPXStream.cc的JPXStream::readCodestream函数中存在基于堆缓冲区溢出漏洞,从PDF文件的用户可控数据读取nXTiles的值,然后在gmallocn()调用中使用nXTiles和nYTiles值,提供给nXTiles和nYTiles的过大值会破坏堆内存,导致拒绝服务或执行任意代码。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/xpd...
        ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/xpdf-...
        ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/...
        ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/xpdf-...
        ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch
        http://www.foolabs.com/xpdf/download.html

- 漏洞信息 (F43532)

Debian Linux Security Advisory 962-1 (PacketStormID:F43532)
2006-02-02 00:00:00
Debian  debian.org
advisory,denial of service,overflow,arbitrary
linux,debian
CVE-2005-3191,CVE-2005-3192,CVE-2005-3193,CVE-2005-3624,CVE-2005-3625,CVE-2005-3626,CVE-2005-3627,CVE-2005-3628
[点击下载]

Debian Security Advisory DSA 962-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in pdftohtml, a utility that translates PDF documents into HTML format, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 962-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
February 1st, 2006                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : pdftohtml
Vulnerability  : buffer overflows
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624
                 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628

"infamous41md" and Chris Evans discovered several heap based buffer
overflows in xpdf which are also present in pdftohtml, a utility that
translates PDF documents into HTML format, and which can lead to a
denial of service by crashing the application or possibly to the
execution of arbitrary code.

The old stable distribution (woody) does not contain pdftohtml packages.

For the stable distribution (sarge) these problems have been fixed in
version 0.36-11sarge1.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your pdftohtml package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1.dsc
      Size/MD5 checksum:      602 c7095f7045d69bcebca90ade3f62a9a4
    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1.diff.gz
      Size/MD5 checksum:    11388 17672ff97722b502d4d5b3ab804401e3
    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36.orig.tar.gz
      Size/MD5 checksum:   300922 75ad095bb51e1f66c9f7691e6af12f44

  Alpha architecture:

    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_alpha.deb
      Size/MD5 checksum:   313926 ec897e4a81702159e516e823317e8652

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_amd64.deb
      Size/MD5 checksum:   259576 de188540a99fb893584e2c9a2f1c0e41

  ARM architecture:

    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_arm.deb
      Size/MD5 checksum:   266372 93821a971df9623124f68216c541f307

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_i386.deb
      Size/MD5 checksum:   253790 45b7b46b375e72507ebdf83b609b9bd3

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_ia64.deb
      Size/MD5 checksum:   374010 a64d9a344341b8ff8f88ceba02a2481e

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_hppa.deb
      Size/MD5 checksum:   330128 4ccc9307617411979efbca1d594f463b

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_m68k.deb
      Size/MD5 checksum:   234598 e14153061b6f573e619f9dbd76bfbda8

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_mips.deb
      Size/MD5 checksum:   311310 067a76c99fd6f144f7c75613b37493c7

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_mipsel.deb
      Size/MD5 checksum:   307086 9890b5cec47e5e8e8ae4a9442c326253

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_powerpc.deb
      Size/MD5 checksum:   269364 9f345aa5ef3480b3d4591eeb4071bfa7

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_s390.deb
      Size/MD5 checksum:   242284 4eb6779646c115bfe6ca7e7baaaaaec8

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/p/pdftohtml/pdftohtml_0.36-11sarge1_sparc.deb
      Size/MD5 checksum:   245330 7dbf6432f1cc0a2e6d9b42ffa80b588f


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD4IYGW5ql+IAeqTIRAlbHAJ4hP7FrxciQRk5rYigkVctVpQzSJgCfSkh5
/K5U8eJ0jhDuf366S6/sitw=
=QZcd
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F43529)

Debian Linux Security Advisory 961-1 (PacketStormID:F43529)
2006-02-02 00:00:00
Debian  debian.org
advisory,denial of service,overflow,arbitrary
linux,debian
CVE-2005-3191,CVE-2005-3192,CVE-2005-3193,CVE-2005-3624,CVE-2005-3625,CVE-2005-3626,CVE-2005-3627,CVE-2005-3628
[点击下载]

Debian Security Advisory DSA 961-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in pdfkit.framework, the GNUstep framework for rendering PDF content, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 961-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
February 1st, 2006                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : pdfkit.framework
Vulnerability  : buffer overflows
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-3624
                 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628

"infamous41md" and Chris Evans discovered several heap based buffer
overflows in xpdf which are also present in pdfkit.framework, the
GNUstep framework for rendering PDF content, and which can lead to a
denial of service by crashing the application or possibly to the
execution of arbitrary code.

The old stable distribution (woody) does not contain pdfkit.framework
packages.

For the stable distribution (sarge) these problems have been fixed in
version 0.8-2sarge1.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your pdfkit.framework package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1.dsc
      Size/MD5 checksum:      725 67fb49e4f05a6eef25396d23ca0baacd
    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1.diff.gz
      Size/MD5 checksum:     5699 61578e6e26adf73639b464210830896b
    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8.orig.tar.gz
      Size/MD5 checksum:  1780533 7676643ff78a0602c10bfb97fe0bd448

  Alpha architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_alpha.deb
      Size/MD5 checksum:  1821874 8fe74b91409115b4547ba273501e8f79

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_amd64.deb
      Size/MD5 checksum:  1796698 c6f96adecd322a60d77379d1513b26dc

  ARM architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_arm.deb
      Size/MD5 checksum:  1756056 8632f1ef914df5fcc3b6c3f6dc9ce459

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_i386.deb
      Size/MD5 checksum:  1750384 f000dee97e83dbe85941c1305e689ef2

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_ia64.deb
      Size/MD5 checksum:  1980936 dce8ad12b1ce0e5e097c51243c68f749

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_hppa.deb
      Size/MD5 checksum:  1862404 b4b0d1a421d02987330502e4a653e6a9

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_m68k.deb
      Size/MD5 checksum:  1785734 1c14679aba2cd8cd8bf7aabd42db1cf6

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_mips.deb
      Size/MD5 checksum:  1769138 6600cf166ba6ced0b6c067338f9565c1

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_mipsel.deb
      Size/MD5 checksum:  1754778 0539c52303cf950f3ea66f78eb875449

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_powerpc.deb
      Size/MD5 checksum:  1770876 a8098242afc68c1dfd0c2141f95d88f5

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_s390.deb
      Size/MD5 checksum:  1804716 88af5f5ab641839eac628f9dd36e4509

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/p/pdfkit.framework/pdfkit.framework_0.8-2sarge1_sparc.deb
      Size/MD5 checksum:  1779964 c07986d5367f97f1598d7e2d592fdc40


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD4GGxW5ql+IAeqTIRAvQiAJ4xOAQr4GcVkPcKAGIlXuLVh+cDOgCdHp19
WLOiQcmij8udAgyvS0Y7Jw4=
=Fs3s
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F43007)

Debian Linux Security Advisory 936-1 (PacketStormID:F43007)
2006-01-12 00:00:00
Debian  debian.org
advisory,denial of service,overflow,arbitrary
linux,debian
CVE-2005-3191,CVE-2005-3192,CVE-2005-3193,CVE-2005-2097,CVE-2005-3624,CVE-2005-3625,CVE-2005-3626,CVE-2005-3627,CVE-2005-3628
[点击下载]

Debian Security Advisory DSA 936-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from files, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 936-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 11th, 2006                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : libextractor
Vulnerability  : buffer overflows
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2005-3191 CVE-2005-3192 CVE-2005-3193 CVE-2005-2097
                 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627
                 CVE-2005-3628

"infamous41md" and Chris Evans discovered several heap based buffer
overflows in xpdf, the Portable Document Format (PDF) suite, which is
also present in libextractor, a library to extract arbitrary meta-data
from files, and which can lead to a denial of service by crashing the
application or possibly to the execution of arbitrary code.

The old stable distribution (woody) does not contain libextractor
packages.

For the stable distribution (sarge) these problems have been fixed in
version 0.4.2-2sarge2.

For the unstable distribution (sid) these problems have been fixed in
version 0.5.8-1.

We recommend that you upgrade your libextractor packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2-2sarge2.dsc
      Size/MD5 checksum:      778 6906857074772199e2a8a892feb3aae2
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2-2sarge2.diff.gz
      Size/MD5 checksum:     6345 c214699bde0bfad501cede35488b4f09
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor_0.4.2.orig.tar.gz
      Size/MD5 checksum:  5887095 d99e1b13a017d39700e376a0edbf7ba2

  Alpha architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_alpha.deb
      Size/MD5 checksum:    19424 59bb8cddd5c80fb1cba57796b9445dab
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_alpha.deb
      Size/MD5 checksum:  5804676 9942575a95cb97dfcae26b156dca7a58
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_alpha.deb
      Size/MD5 checksum:    19204 fed48ebb930e6a7d3484bd75c8263a81

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_amd64.deb
      Size/MD5 checksum:    18098 7d4a40679062c4d2d70f9c08dc785559
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_amd64.deb
      Size/MD5 checksum:  5641300 ff1bac0e15d1a6ff630a6ced168e284f
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_amd64.deb
      Size/MD5 checksum:    17364 54dd55236286550d6cadc8dbb3df9ccd

  ARM architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_arm.deb
      Size/MD5 checksum:    17480 aa541fc867f51588b676aa23d34e25a8
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_arm.deb
      Size/MD5 checksum:  5710616 ed153d5e88e899f4e27ae5a67c5e45d0
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_arm.deb
      Size/MD5 checksum:    16784 7a7f73139e8c0c62187179e993734932

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_i386.deb
      Size/MD5 checksum:    17624 5419b495e3df96a658e1323c83f7faf9
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_i386.deb
      Size/MD5 checksum:  5713300 1bc2a3ab8b321b543a1ae92590e76f8b
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_i386.deb
      Size/MD5 checksum:    16546 71e4044ff8d923cd56d4bb046be1b37f

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_ia64.deb
      Size/MD5 checksum:    20404 cdea8cf2f6cd2b8a761ccca2a2d85421
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_ia64.deb
      Size/MD5 checksum:  5905266 98f5de1716817b660791a92d5ee7c6a6
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_ia64.deb
      Size/MD5 checksum:    19140 d780e22f3cd6c6204de3db711f068dcd

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_hppa.deb
      Size/MD5 checksum:    18560 70ae8b43a0cd581a36a8097fc94c2172
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_hppa.deb
      Size/MD5 checksum:  5687318 a241f7e800ac5cbd7f45fdafeae267ac
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_hppa.deb
      Size/MD5 checksum:    17710 c1848801758081872515d88f86938537

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_m68k.deb
      Size/MD5 checksum:    17184 d64fcc89500919e03805e47dbb9eca52
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_m68k.deb
      Size/MD5 checksum:  5708190 0d20df48cd437a99544bf748a1c89ea9
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_m68k.deb
      Size/MD5 checksum:    16404 0e47447d4b7007d4016c32a81f2b66f4

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_mips.deb
      Size/MD5 checksum:    18416 38f460cbf16a6c2a3c735c5a6545013a
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_mips.deb
      Size/MD5 checksum:  5729074 76787645b83e4438fc79325410114c99
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_mips.deb
      Size/MD5 checksum:    17700 8cbf4e1556b59d982589d27e5af1211e

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_mipsel.deb
      Size/MD5 checksum:    18460 dfaad60fd479b74c72c46680d92c5920
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_mipsel.deb
      Size/MD5 checksum:  5726846 0d9ad0d53eddd3503cdc2fce6b118595
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_mipsel.deb
      Size/MD5 checksum:    17734 a74a4df56930cd6e1ec289a714fe2225

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_powerpc.deb
      Size/MD5 checksum:    19600 0fbb4093db271d5924d8e1fb81d0c5c3
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_powerpc.deb
      Size/MD5 checksum:  5677812 543192c6a5b6b89fdc0cc0c5b3f2befe
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_powerpc.deb
      Size/MD5 checksum:    17556 bd868a198744609509201e7af0e33ab9

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_s390.deb
      Size/MD5 checksum:    17974 f16109dd971b139abc8a2194731e33c8
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_s390.deb
      Size/MD5 checksum:  5768028 dfda84e8d1a0e53794418a77a09d801f
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_s390.deb
      Size/MD5 checksum:    17918 da3bb3df7f86443b1f36ed4b5bcc0113

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/libe/libextractor/extract_0.4.2-2sarge2_sparc.deb
      Size/MD5 checksum:    17480 1ef23c92384723ab64b315b7d8d51089
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1_0.4.2-2sarge2_sparc.deb
      Size/MD5 checksum:  5752164 91a3ad11d2f029e99955b2c54088e034
    http://security.debian.org/pool/updates/main/libe/libextractor/libextractor1-dev_0.4.2-2sarge2_sparc.deb
      Size/MD5 checksum:    16696 87e4150b6738d9921728a1e594bc4904


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDxMoyW5ql+IAeqTIRAoa3AJ4wdQARyff9H2Mjm+0DBiZr4i2HXACfT3tc
/HQ6b6/FOirsuLBIBvIWdew=
=McFo
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F42929)

Debian Linux Security Advisory 931-1 (PacketStormID:F42929)
2006-01-10 00:00:00
Debian  debian.org
advisory,denial of service,overflow,arbitrary
linux,debian
CVE-2005-3191,CVE-2005-3192,CVE-2005-3193,CVE-2005-3624,CVE-2005-3625,CVE-2005-3626,CVE-2005-3627,CVE-2005-3628
[点击下载]

Debian Security Advisory DSA 931-1 - infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, that can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 931-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 9th, 2006                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : xpdf
Vulnerability  : buffer overflows
Problem type   : remote
Debian-specific: no
CVE IDs        : CAN-2005-3191 CAN-2005-3192 CAN-2005-3193 CVE-2005-3624
                 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628
Debian Bug     : 342281

"infamous41md" and Chris Evans discovered several heap based buffer
overflows in xpdf, the Portable Document Format (PDF) suite, that can
lead to a denial of service by crashing the application or possibly to
the execution of arbitrary code.

For the old stable distribution (woody) these problems have been fixed in
version 1.00-3.8.

For the stable distribution (sarge) these problems have been fixed in
version 3.00-13.4.

For the unstable distribution (sid) these problems have been fixed in
version 3.01-4.

We recommend that you upgrade your xpdf package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.8.dsc
      Size/MD5 checksum:      706 f8091cb4e0b0c7baa8ccc4ee75a50699
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.8.diff.gz
      Size/MD5 checksum:    11832 ab0665a0fa767785037ceff313cbc1b3
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00.orig.tar.gz
      Size/MD5 checksum:   397750 81f3c381cef729e4b6f4ce21cf5bbf3c

  Architecture independent components:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_1.00-3.8_all.deb
      Size/MD5 checksum:    38826 43072ed4680dab2c7d68eec7b3f7c45a
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf_1.00-3.8_all.deb
      Size/MD5 checksum:     1286 7bd55048fc7aab6c9c35f65d472932da

  Alpha architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_alpha.deb
      Size/MD5 checksum:   571434 7be66f32548c87a66c2353d976a99c36
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_alpha.deb
      Size/MD5 checksum:  1046964 c83387b2ce2c92faa2cbbc86f2d9a9a8

  ARM architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_arm.deb
      Size/MD5 checksum:   487502 655007df84b968ec59de01638b77f0b8
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_arm.deb
      Size/MD5 checksum:   887368 a2d7e4052bf2a5c4a495c4e45dedf89b

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_i386.deb
      Size/MD5 checksum:   449748 0ae0c17cc4624b254b2aeac09c995d6f
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_i386.deb
      Size/MD5 checksum:   828498 530637087a864c6def87e31283bdeceb

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_ia64.deb
      Size/MD5 checksum:   683068 19ecb0905f8636e67bf7238c10f59ad5
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_ia64.deb
      Size/MD5 checksum:  1230046 ed52eb1ba803c65bed5b9b82ec551eef

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_hppa.deb
      Size/MD5 checksum:   564570 e375463f1a090ee04616a2a28d074792
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_hppa.deb
      Size/MD5 checksum:  1034076 c7baa8decb624ae001b8325c426c3e83

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_m68k.deb
      Size/MD5 checksum:   427756 e516e992cf634de082e9261fec596417
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_m68k.deb
      Size/MD5 checksum:   795168 5315ec1734af63b31df537992fd575d7

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_mips.deb
      Size/MD5 checksum:   555626 38b3797dc8685b374bfa4d5b8310e002
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_mips.deb
      Size/MD5 checksum:  1017302 f1420c53961b3574c404e3dcee80e633

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_mipsel.deb
      Size/MD5 checksum:   546712 be27f108ed722e04bee9473fb463a749
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_mipsel.deb
      Size/MD5 checksum:   999554 d8983b16cb67d5b5da734e8a166079b1

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_powerpc.deb
      Size/MD5 checksum:   470466 c90999ac3ffef0f1ca9907ec0c52e8ca
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_powerpc.deb
      Size/MD5 checksum:   860678 1b79e9b04f6b86cee3365c27c99b8c8a

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_s390.deb
      Size/MD5 checksum:   430408 09493b1bae3177137a922adbaee7af25
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_s390.deb
      Size/MD5 checksum:   786644 98062cef2cfd5f78eba94f92f7ffc7ec

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_1.00-3.8_sparc.deb
      Size/MD5 checksum:   444146 9bb3e73108672a45c87eb172b30b645e
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_1.00-3.8_sparc.deb
      Size/MD5 checksum:   810204 53735cf450d1ff09449dd4e744e31f4a


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.4.dsc
      Size/MD5 checksum:      781 df2be00a261c47ed25cbf00bdcefcc32
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.4.diff.gz
      Size/MD5 checksum:    50734 3018a9155bbcf704f47132bbefddd5b5
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00.orig.tar.gz
      Size/MD5 checksum:   534697 95294cef3031dd68e65f331e8750b2c2

  Architecture independent components:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-common_3.00-13.4_all.deb
      Size/MD5 checksum:    56504 333976022e4bd6b1a241844231f2db30
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf_3.00-13.4_all.deb
      Size/MD5 checksum:     1284 1b077a992654b8df5727d844deb84e0c

  Alpha architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_alpha.deb
      Size/MD5 checksum:   802112 93e96a4213f4966d8c0bb2c1e34b572d
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_alpha.deb
      Size/MD5 checksum:  1528190 5db2e3cd7ab5f2865d5303163c3d08a7

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_amd64.deb
      Size/MD5 checksum:   667754 df5e85b58bcb2f7b86837e7a79b745f9
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_amd64.deb
      Size/MD5 checksum:  1273734 5554c8f473a892cc8478f50bc1dd96dd

  ARM architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_arm.deb
      Size/MD5 checksum:   674458 b419a39cb5b1bbaefe52c51f163913d5
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_arm.deb
      Size/MD5 checksum:  1279040 fe5af7d7209bb14e865404ea695a6df3

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_i386.deb
      Size/MD5 checksum:   656804 e319b835c10f76ad7946b74da24ba1bf
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_i386.deb
      Size/MD5 checksum:  1242164 731e556748f3f84465bd6537462fde03

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_ia64.deb
      Size/MD5 checksum:   950974 fe4f3be5aa05772806309faaa3847db3
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_ia64.deb
      Size/MD5 checksum:  1801950 27c19b5813e7d2aa34aca9847c277b40

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_hppa.deb
      Size/MD5 checksum:   832646 a2504b353573d384d443e923782775f1
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_hppa.deb
      Size/MD5 checksum:  1580478 72266677b36f9ec9ab2c2bcac1dfe7ac

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_m68k.deb
      Size/MD5 checksum:   585736 e1331547251b0d5eba96c68e6665abf2
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_m68k.deb
      Size/MD5 checksum:  1116746 46d969a98302c1b49b5e9a355047adfc

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_mips.deb
      Size/MD5 checksum:   807800 d1acd349bc0a932ea3467db9796919f5
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_mips.deb
      Size/MD5 checksum:  1524848 685d65d2a07676b55fa3abd8505018a9

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_mipsel.deb
      Size/MD5 checksum:   798090 18503fbab79be783005bed35d4cdb02d
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_mipsel.deb
      Size/MD5 checksum:  1503796 aaa4b1de4370d52cc2b3e595542f82c3

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_powerpc.deb
      Size/MD5 checksum:   694126 08e64354f30b1bd573092925b894c77f
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_powerpc.deb
      Size/MD5 checksum:  1313048 5f39d0ffe44186db884a7c1115704666

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_s390.deb
      Size/MD5 checksum:   630774 8b48412164ae96066c61399a5c7b3cd7
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_s390.deb
      Size/MD5 checksum:  1198670 6b837427a05f0b19630197183c9c50f1

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-reader_3.00-13.4_sparc.deb
      Size/MD5 checksum:   626394 0bbb59b11b9d11f9129fbd475e3ab186
    http://security.debian.org/pool/updates/main/x/xpdf/xpdf-utils_3.00-13.4_sparc.deb
      Size/MD5 checksum:  1181726 a523c04a7ae1c3b8fc24c29f46d3c589


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDwpWrW5ql+IAeqTIRAhdkAKCgwmk5BFUWu5yB3YbFlL2fLf90ZwCfbgnG
UEndv6nnPJdfmUKQUHx2Jus=
=+8on
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F42810)

Gentoo Linux Security Advisory 200601-2 (PacketStormID:F42810)
2006-01-05 00:00:00
Gentoo  security.gentoo.org
advisory,overflow
linux,gentoo
CVE-2005-3191,CVE-2005-3192,CVE-2005-3193
[点击下载]

Gentoo Linux Security Advisory GLSA 200601-02 - KPdf and KWord both include Xpdf code to handle PDF files. This Xpdf code is vulnerable to several heap overflows (GLSA 200512-08) as well as several buffer and integer overflows discovered by Chris Evans. Versions less than 3.4.3-r3 are affected.

--nextPart2555777.h1rhfufMb1
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200601-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: KPdf, KWord: Multiple overflows in included Xpdf code
      Date: January 04, 2006
      Bugs: #114429, #115851
        ID: 200601-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

KPdf and KWord both include vulnerable Xpdf code to handle PDF files,
making them vulnerable to the execution of arbitrary code.

Background
==========

KPdf is a KDE-based PDF viewer included in the kdegraphics package.
KWord is a KDE-based word processor also included in the koffice
package.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                 Unaffected
    -------------------------------------------------------------------
  1  kde-base/kdegraphics     < 3.4.3-r3                   >= 3.4.3-r3
  2  kde-base/kpdf            < 3.4.3-r3                   >= 3.4.3-r3
  3  app-office/koffice       < 1.4.2-r6                   >= 1.4.2-r6
  4  app-office/kword         < 1.4.2-r6                   >= 1.4.2-r6
    -------------------------------------------------------------------
     4 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

KPdf and KWord both include Xpdf code to handle PDF files. This Xpdf
code is vulnerable to several heap overflows (GLSA 200512-08) as well
as several buffer and integer overflows discovered by Chris Evans.

Impact
======

An attacker could entice a user to open a specially crafted PDF file
with Kpdf or KWord, potentially resulting in the execution of arbitrary
code with the rights of the user running the affected application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All kdegraphics users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.4.3-r3"

All Kpdf users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=kde-base/kpdf-3.4.3-r3"

All KOffice users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/koffice-1.4.2-r6"

All KWord users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/kword-1.4.2-r6"

References
==========

  [ 1 ] CAN-2005-3191
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3191
  [ 2 ] CAN-2005-3192
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3192
  [ 3 ] CAN-2005-3193
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3193
  [ 4 ] CVE-2005-3624
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
  [ 5 ] CVE-2005-3625
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
  [ 6 ] CVE-2005-3626
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
  [ 7 ] CVE-2005-3627
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
  [ 8 ] GLSA 200512-08
        http://www.gentoo.org/security/en/glsa/glsa-200512-08.xml
  [ 9 ] KDE Security Advisory: kpdf/xpdf multiple integer overflows
        http://www.kde.org/info/security/advisory-20051207-2.txt

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200601-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

--nextPart2555777.h1rhfufMb1
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQBDvEX8zKC5hMHO6rkRAlBZAJwLqhXVdTO0CDzYburM3YRfzRn3kwCeJvSs
sQw7gp6in+gHcPl/+h6S238=
=Hrli
-----END PGP SIGNATURE-----

--nextPart2555777.h1rhfufMb1--
    

- 漏洞信息 (F42245)

KDE Security Advisory 2005-12-07.1 (PacketStormID:F42245)
2005-12-14 00:00:00
KDE Desktop  kde.org
advisory,overflow,arbitrary,vulnerability
CVE-2005-3191,CVE-2005-3192,CVE-2005-3193
[点击下载]

KDE Security Advisory: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains multiple integer overflow vulnerabilities that allow specially crafted pdf files, when opened, to overflow a heap allocated buffer and execute arbitrary code. Systems affected are KDE 3.2.0 up to and including KDE 3.5.0 and KOffice 1.3.0 up to and including KOffice 1.4.2.

KDE Security Advisory: kpdf/xpdf multiple integer overflows
Original Release Date: 2005-12-07
URL: http://www.kde.org/info/security/advisory-20051207-1.txt

0. References
        CAN-2005-3191
        CAN-2005-3192
        CAN-2005-3193


1. Systems affected:

        KDE 3.2.0 up to including KDE 3.5.0
	KOffice 1.3.0 up to including KOffice 1.4.2


2. Overview:

        kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
        multiple integer overflow vulnerabilities that allow specially
	crafted pdf files, when opened, to overflow a heap allocated
	buffer and execute arbitrary code. 


3. Impact:

        Remotely supplied pdf files can be used to execute arbitrary
	code on the client machine.


4. Solution:

        Source code patches have been made available which fix these
        vulnerabilities. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.


5. Patch:

        Patch for KDE 3.5.0 is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :

        04d1a115cca0deacbfca5c172bb9f4db  
post-3.5.0-kdegraphics-CAN-2005-3193.diff

        Patch for KDE 3.4.3 is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :

        b9787ff17e3e7eccee9ff23edcdca2c1 
post-3.4.3-kdegraphics-CAN-2005-3193.diff

        Patch for KDE 3.3.2 is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :

	8e0b2db76bc419b444f8308b3d8127b9  post-3.3.2-kdegraphics-CAN-2005-3193.diff

        Patch for KDE 3.2.3 is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :

        75c90ff2998ff7b4c1b66fbf85d351f1  
post-3.2.3-kdegraphics-CAN-2005-3193.diff

        Patch for KOffice 1.3.0 and newer is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :

	e663d0b1b6c32c3fb99c85834ae7b17b  post-1.3-koffice-CAN-2005-3193.diff

    

- 漏洞信息 (F42182)

iDEFENSE Security Advisory 2005-12-05.1 (PacketStormID:F42182)
2005-12-09 00:00:00
iDefense Labs,infamous41md  idefense.com
advisory,denial of service,overflow,arbitrary,local,code execution
CVE-2005-3193
[点击下载]

iDEFENSE Security Advisory 12.05.05 - Local exploitation of a heap-based buffer overflow vulnerability in xpdf, as included by multiple vendor's software distributions, could allow attackers to cause a denial of service (DoS) condition, potentially resulting in arbitrary code execution. The vulnerability specifically exists due to insufficient input validation in the JPX Stream parsing code for decoding embedded JPEG 2000 images. iDefense has confirmed the existence of this vulnerability in xpdf 3.01. All earlier versions of xpdf are suspected vulnerable.

Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability

iDefense Security Advisory 12.05.05
www.idefense.com/application/poi/display?id=345&type=vulnerabilities
December 5, 2005

I. BACKGROUND

Xpdf is an open-source viewer for Portable Document Format (PDF) files.

II. DESCRIPTION

Local exploitation of a heap-based buffer overflow vulnerability in 
xpdf, as included by multiple vendor's software distributions, could 
allow attackers to cause a denial of service (DoS) condition, 
potentially resulting in arbitrary code execution. 

The vulnerability specifically exists due to insufficient input 
validation in the JPX Stream parsing code for decoding embedded JPEG 
2000 images. The JPXStream::readCodestream function from 
xpdf/JPXStream.cc takes the value of nXTiles and nYTiles from user-
controllable data from within the PDF file. The nXTiles and nYTiles 
values are then used in a gmallocn() call as shown below.

GBool JPXStream::readCodestream(Guint len) {
...
    switch (segType) {
    case 0x4f:            // SOC - start of codestream
      // marker only
      break;
    case 0x51:            // SIZ - image and tile size
      if (!readUWord(&capabilities) ||
      !readULong(&img.xSize) ||
      !readULong(&img.ySize) ||
      !readULong(&img.xOffset) ||
      !readULong(&img.yOffset) ||
      !readULong(&img.xTileSize) ||
      !readULong(&img.yTileSize) ||
      !readULong(&img.xTileOffset) ||
      !readULong(&img.yTileOffset) ||
      !readUWord(&img.nComps)) {
        error(getPos(), "Error in JPX SIZ marker segment");
        return gFalse;
      }
...
      img.nXTiles = (img.xSize - img.xTileOffset + img.xTileSize - 1) /
        img.xTileSize;
      img.nYTiles = (img.ySize - img.yTileOffset + img.yTileSize - 1) /
        img.yTileSize;
  
      img.tiles = (JPXTile *)gmallocn(img.nXTiles * img.nYTiles,
        sizeof(JPXTile));

The values are used again later in JPEG format parsing code to copy 
data from the file into a pre-allocated buffer in the heap. Overly 
large values supplied to nXTiles and nYTiles result in corruption of 
heap memory, which results in a DoS condition. This could result in 
arbitrary code execution.

III. ANALYSIS

Exploitation could result in arbitrary code execution with privileges 
of the xpdf process. Currently, exploitation resulting in code 
execution is theoretical and dependant on the process memory layout. A 
typical exploitation attempt would require an attacker to supply a 
malicious pdf to the victim. The victim would need to open the corrupt 
pdf file in xpdf. Only then would the vulnerability be triggered.

IV. DETECTION

iDefense has confirmed the existence of this vulnerability in xpdf 
3.01. All earlier versions of xpdf are suspected vulnerable.

The following vendors include susceptible xpdf packages within their 
operating system distributions:

    . The Debian Project: Linux 3.0 and 3.1 

V. WORKAROUND

iDefense is currently unaware of any effective workarounds for this 
vulnerability.

VI. VENDOR RESPONSE

A patch for this vulnerability is available at:
  
  ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch

Updated binaries (version 3.01pl1) are available at:

  http://www.foolabs.com/xpdf/download.html

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CAN-2005-3193 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

10/13/2005  Initial vendor notification
10/19/2005  Initial vendor response
12/05/2005  Coordinated public disclosure

IX. CREDIT

iDefense credits infamous41md@hotpop.com with the discovery of this 
vulnerability.

Get paid for vulnerability research
http://www.iDefense.com/poi/teams/vcp.jsp

Free tools, research and upcoming events
http://labs.iDefense.com

X. LEGAL NOTICES

Copyright C 2005 iDefense, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically, please
email customerservice@iDefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on,
this information.

    

- 漏洞信息

21463
Multiple Products Xpdf/kpdf JPXStream.cc JPXStream::readCodestream Function Overflow
Input Manipulation
Loss of Integrity
Vendor Verified

- 漏洞描述

- 时间线

2005-12-05 2005-10-13
Unknow Unknow

- 解决方案

Upgrade to version 3.01pl1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

XPDF JPX Stream Reader Remote Heap Buffer Overflow Vulnerability
Boundary Condition Error 15721
Yes No
2005-12-06 12:00:00 2007-08-10 07:44:00
This vulnerability was discovered by infamous41md@hotpop.com.

- 受影响的程序版本

Xpdf Xpdf 3.0 pl3
Xpdf Xpdf 3.0 pl2
Xpdf Xpdf 3.0 1
Xpdf Xpdf 3.0 0
Xpdf Xpdf 2.0.2
Xpdf Xpdf 2.0 3
Xpdf Xpdf 2.0 2
Xpdf Xpdf 2.0 1
Xpdf Xpdf 2.0
Xpdf Xpdf 1.0 1
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
+ Gentoo Linux 1.2
+ Gentoo Linux 1.2
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.2
Xpdf Xpdf 1.0 0a
Xpdf Xpdf 1.0 0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Debian Linux 3.0
+ Debian Linux 3.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Workstation 8.0
Xpdf Xpdf 0.93
+ Conectiva Linux 8.0
+ Conectiva Linux 8.0
+ Conectiva Linux 8.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Debian Linux 3.0
Xpdf Xpdf 0.92
Xpdf Xpdf 0.91
- Debian Linux 2.2
Xpdf Xpdf 0.90
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Turbolinux Turbolinux Workstation 8.0
Turbolinux Turbolinux Server 10.0 x86
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 7.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Turbolinux FUJI
Turbolinux Turbolinux 10 F...
TurboLinux Personal
TurboLinux Multimedia
Turbolinux Home
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux Appliance Server 1.0 Hosting Edition
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
Trend Micro InterScan VirusWall 8.0
TransSoft Broker FTP Server 8.0
TransSoft Broker FTP Server 7.0
teTeX teTeX 3.0
teTeX teTeX 2.0.2
teTeX teTeX 2.0.1
teTeX teTeX 2.0
teTeX teTeX 1.0.7
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
Sun Solaris 10_x86
Sun Solaris 10.0_x86
Sun Solaris 10.0
Sun Solaris 10
Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux -current
SGI ProPack 3.0 SP6
SCO Unixware 7.1.4
SCO Open Server 6.0
SCO Open Server 5.0.7
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
rPath rPath Linux 1
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core4
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Poppler poppler 0.4.2
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
KDE kpdf 0.5
KDE KOffice 1.4.2
KDE KOffice 1.4.1
KDE KOffice 1.4
KDE KOffice 1.3.5
KDE KOffice 1.3.4
KDE KOffice 1.3.3
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
KDE KOffice 1.3.2
KDE KOffice 1.3.1
KDE KOffice 1.3 beta3
KDE KOffice 1.3 beta2
KDE KOffice 1.3 beta1
KDE KOffice 1.3
KDE KDE 3.5
KDE KDE 3.4.3
KDE KDE 3.4.2
KDE KDE 3.4.1
KDE KDE 3.4
KDE KDE 3.3.2
KDE KDE 3.3.2
KDE KDE 3.3.1
+ Red Hat Fedora Core3
KDE KDE 3.3
KDE KDE 3.2.3
KDE KDE 3.2.2
+ KDE KDE 3.2.2
+ Red Hat Fedora Core2
KDE KDE 3.2.1
KDE KDE 3.2
GNOME GPdf 2.8.3
GNOME GPdf 2.8.2
GNOME GPdf 2.1
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Conectiva Linux 10.0
Avaya Interactive Response 2.0
Xpdf Xpdf 3.0 1pl1

- 不受影响的程序版本

Xpdf Xpdf 3.0 1pl1

- 漏洞讨论

The 'xpdf' utility is reported prone to a remote buffer-overflow vulnerability. This issue exists because the application fails to perform proper boundary checks before copying user-supplied data into process buffers. A remote attacker may execute arbitrary code in the context of a user running the application. As a result, the attacker can gain unauthorized access to the vulnerable computer.

Reportedly, this issue presents itself in the 'JPXStream::readCodestream' function residing in the 'xpdf/JPXStream.cc' file.

This issue is reported to affect xpdf 3.01, but earlier versions are likely prone to this vulnerability as well. Applications using embedded xpdf code may also be vulnerable.

The 'kpdf' utility reportedly incorporates vulnerable xpdf code. Version 0.5 of kpdf is prone to this issue, but other versions may also be affected.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com

- 解决方案

The vendor has released a patch to address this issue. Please see the referenced advisories for more information.


Sun Solaris 10.0

Xpdf Xpdf 0.91

Xpdf Xpdf 0.93

Xpdf Xpdf 1.0 1

Xpdf Xpdf 1.0 0

KDE KOffice 1.3 beta1

KDE KOffice 1.3 beta2

KDE KOffice 1.3.3

KDE KOffice 1.3.5

KDE KOffice 1.4

Xpdf Xpdf 3.0 1

Xpdf Xpdf 3.0 pl2

Xpdf Xpdf 3.0 pl3

KDE KDE 3.2.3

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站