Gentoo Forums
[ GLSA 200501-32 ] KPdf, KOffice: Stack overflow in included Xpdf code
GLSA
Bodhisattva
Joined: 25 Feb 2003
Posts: 3827
Location: Essen, Germany

Posted: Sun Jan 23, 2005 4:29 pm    Post subject: [ GLSA 200501-32 ] KPdf, KOffice: Stack overflow in included

Gentoo Linux Security Advisory

Title: KPdf, KOffice: Stack overflow in included Xpdf code (GLSA 200501-32)
Severity: normal
Exploitable: remote
Date: January 23, 2005
Bug(s): #78619, #78620
ID: 200501-32

Synopsis


KPdf and KOffice both include vulnerable Xpdf code to handle PDF files,
making them vulnerable to the execution of arbitrary code.


Background


KPdf is a KDE-based PDF viewer included in the kdegraphics
package. KOffice is an integrated office suite for KDE.


Affected Packages

Package: app-office/koffice
Vulnerable: < 1.3.5-r2
Unaffected: >= 1.3.5-r2
Architectures: All supported architectures

Package: kde-base/kdegraphics
Vulnerable: < 3.3.2-r2
Unaffected: >= 3.3.2-r2
Unaffected: >= 3.2.3-r4 < 3.2.4
Architectures: All supported architectures


Description


KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf
is vulnerable to a new stack overflow, as described in GLSA 200501-28.


Impact


An attacker could entice a user to open a specially-crafted PDF
file, potentially resulting in the execution of arbitrary code with the
rights of the user running the affected application.


Workaround


There is no known workaround at this time.


Resolution


All KPdf users should upgrade to the latest version of
kdegraphics:
Code:
    # emerge --sync
    # emerge --ask --oneshot --verbose kde-base/kdegraphics

All KOffice users should upgrade to the latest version:
Code:
    # emerge --sync
    # emerge --ask --oneshot --verbose app-office/koffice


References

GLSA 200501-18
CAN-2005-0064
KDE Security Advisory: kpdf Buffer Overflow Vulnerability
KDE Security Advisory: KOffice PDF Import Filter Vulnerability


Last edited by GLSA on Mon Jun 10, 2013 4:19 am; edited 2 times in total
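
The version ranges in the Affected Packages table, including the separate unaffected 3.2.3-r4 range for kdegraphics, can be checked against an inventory of installed versions. The following Python is an added example, not part of the GLSA or of Portage; the version parser is a simplification that assumes dotted numbers with an optional -rN revision, and the inventory is constructed sample data.

```python
import re

# Ranges transcribed from the "Affected Packages" table of GLSA 200501-32:
# package -> (first fixed version, [(low inclusive, high exclusive), ...])
ADVISORY = {
    "app-office/koffice": ("1.3.5-r2", []),
    "kde-base/kdegraphics": ("3.3.2-r2", [("3.2.3-r4", "3.2.4")]),
}

# Simplification (assumption): dotted numbers plus an optional -rN revision only.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse_version(text):
    """Return ((major, minor, ...), revision) so tuples compare in order."""
    match = _VERSION_RE.match(text)
    if match is None:
        raise ValueError(f"unsupported version string: {text!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    return numbers, int(match.group(2) or 0)


def status(package, version):
    """Classify one installed version against the advisory's ranges."""
    fixed_in, safe_ranges = ADVISORY[package]
    installed = parse_version(version)
    if installed >= parse_version(fixed_in):
        return "unaffected"
    for low, high in safe_ranges:
        if parse_version(low) <= installed < parse_version(high):
            return "unaffected"
    return "vulnerable"


def audit(inventory):
    """Return the (package, version) pairs that still need the upgrade."""
    return [(pkg, ver) for pkg, ver in inventory
            if pkg in ADVISORY and status(pkg, ver) == "vulnerable"]


# Constructed sample inventory (hypothetical installed versions).
SAMPLE_INVENTORY = [
    ("kde-base/kdegraphics", "3.3.2-r1"),
    ("kde-base/kdegraphics", "3.2.3-r4"),
    ("app-office/koffice", "1.3.5-r2"),
    ("app-office/koffice", "1.3.4"),
    ("sys-apps/portage", "2.0.51"),  # not covered by this GLSA, skipped
]

if __name__ == "__main__":
    for pkg, ver in audit(SAMPLE_INVENTORY):
        print(f"{pkg}-{ver}: vulnerable, upgrade required")
```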