Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 200601-02 ] KPdf, KWord: Multiple overflows in included Xpdf code
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Veteran
Veteran


Joined: 12 May 2004
Posts: 1540

PostPosted: Wed Jan 04, 2006 10:26 pm    Post subject: [ GLSA 200601-02 ] KPdf, KWord: Multiple overflows in includ Reply with quote

Gentoo Linux Security Advisory

Title: KPdf, KWord: Multiple overflows in included Xpdf code (GLSA 200601-02)
Severity: normal
Exploitable: remote
Date: January 04, 2006
Updated: January 07, 2006
Bug(s): #114429, #115851
ID: 200601-02

Synopsis


KPdf and KWord both include vulnerable Xpdf code to handle PDF files,
making them vulnerable to the execution of arbitrary code.


Background


KPdf is a KDE-based PDF viewer included in the kdegraphics package.
KWord is a KDE-based word processor also included in the koffice
package.


Affected Packages

Package: kde-base/kdegraphics
Vulnerable: < 3.4.3-r3
Unaffected: >= 3.4.3-r3
Architectures: All supported architectures

Package: kde-base/kpdf
Vulnerable: < 3.4.3-r3
Unaffected: >= 3.4.3-r3
Architectures: All supported architectures

Package: app-office/koffice
Vulnerable: < 1.4.2-r6
Unaffected: >= 1.4.2-r6
Architectures: All supported architectures

Package: app-office/kword
Vulnerable: < 1.4.2-r6
Unaffected: >= 1.4.2-r6
Architectures: All supported architectures


Description


KPdf and KWord both include Xpdf code to handle PDF files. This Xpdf
code is vulnerable to several heap overflows (GLSA 200512-08) as well
as several buffer and integer overflows discovered by Chris Evans
(CESA-2005-003).


Impact


An attacker could entice a user to open a specially crafted PDF file
with Kpdf or KWord, potentially resulting in the execution of arbitrary
code with the rights of the user running the affected application.


Workaround


There is no known workaround at this time.


Resolution


All kdegraphics users should upgrade to the latest version:
Code:
# emerge --sync
    # emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.4.3-r3"

All Kpdf users should upgrade to the latest version:
Code:
# emerge --sync
    # emerge --ask --oneshot --verbose ">=kde-base/kpdf-3.4.3-r3"

All KOffice users should upgrade to the latest version:
Code:
# emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/koffice-1.4.2-r6"

All KWord users should upgrade to the latest version:
Code:
# emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/kword-1.4.2-r6"


References

CAN-2005-3191
CAN-2005-3192
CAN-2005-3193
CVE-2005-3624
CVE-2005-3625
CVE-2005-3626
CVE-2005-3627
CVE-2005-3628
GLSA 200512-08
KDE Security Advisory: kpdf/xpdf multiple integer overflows
CESA-2005-003


Last edited by GLSA on Mon Jun 10, 2013 4:22 am; edited 2 times in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum