GLSA Bodhisattva
Joined: 25 Feb 2003 Posts: 3829 Location: Essen, Germany
|
Posted: Sun Jan 23, 2005 4:29 pm Post subject: [ GLSA 200501-32 ] KPdf, KOffice: Stack overflow in included |
|
|
Gentoo Linux Security Advisory
Title: KPdf, KOffice: Stack overflow in included Xpdf code (GLSA 200501-32)
Severity: normal
Exploitable: remote
Date: January 23, 2005
Bug(s): #78619, #78620
ID: 200501-32
Synopsis
KPdf and KOffice both include vulnerable Xpdf code to handle PDF files,
making them vulnerable to the execution of arbitrary code.
Background
KPdf is a KDE-based PDF viewer included in the kdegraphics
package. KOffice is an integrated office suite for KDE.
Affected Packages
Package: app-office/koffice
Vulnerable: < 1.3.5-r2
Unaffected: >= 1.3.5-r2
Architectures: All supported architectures
Package: kde-base/kdegraphics
Vulnerable: < 3.3.2-r2
Unaffected: >= 3.3.2-r2
Unaffected: >= 3.2.3-r4 < 3.2.4
Architectures: All supported architectures
Description
KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf
is vulnerable to a new stack overflow, as described in GLSA 200501-28.
Impact
An attacker could entice a user to open a specially-crafted PDF
file, potentially resulting in the execution of arbitrary code with the
rights of the user running the affected application.
Workaround
There is no known workaround at this time.
Resolution
All KPdf users should upgrade to the latest version of
kdegraphics:
Code: | # emerge --sync
# emerge --ask --oneshot --verbose kde-base/kdegraphics |
All KOffice users should upgrade to the latest version:
Code: | # emerge --sync
# emerge --ask --oneshot --verbose app-office/koffice |
References
GLSA 200501-18
CAN-2005-0064
KDE Security Advisory: kpdf Buffer Overflow Vulnerability
KDE Security Advisory: KOffice PDF Import Filter Vulnerability
Last edited by GLSA on Mon Jun 10, 2013 4:19 am; edited 2 times in total |
|