Package name
gpdf
Date
2005-01-25
Advisory ID
MDKSA-2005:016
Affected versions
10.0 amd64 , CS3.0 i586 , 10.1 i586 , 10.0 i586 , 10.1 x86_64

Problem description

A buffer overflow vulnerability was discovered in the xpdf PDF code, which could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. Gpdf uses xpdf code and is susceptible to the same vulnerability. The updated packages have been patched to prevent these problems.

Updated packages

10.0 amd64

 76dcd6cc6c50b284371ae17eef7112e1  amd64/10.0/RPMS/gpdf-0.112-2.5.100mdk.amd64.rpm
dc1ff1ca81d1148e7524b3a53fe68197  amd64/10.0/SRPMS/gpdf-0.112-2.5.100mdk.src.rpm

CS3.0 i586

 14b33a6547cf218481ba22a1ebd21b16  corporate/3.0/RPMS/gpdf-0.112-2.5.C30mdk.i586.rpm
9fc41a46a4398ece01b369547aac6125  corporate/3.0/SRPMS/gpdf-0.112-2.5.C30mdk.src.rpm

10.1 i586

 56154e1310488f9ba89004a979ee3393  10.1/RPMS/gpdf-0.132-3.4.101mdk.i586.rpm
391b99e6a4f37385493acde18209f85c  10.1/SRPMS/gpdf-0.132-3.4.101mdk.src.rpm

10.0 i586

 fa03ef1a1d5a1784298d890e8cf09bd2  10.0/RPMS/gpdf-0.112-2.5.100mdk.i586.rpm
dc1ff1ca81d1148e7524b3a53fe68197  10.0/SRPMS/gpdf-0.112-2.5.100mdk.src.rpm

10.1 x86_64

 e1ddd99a172f76393693e25f1a302a17  x86_64/10.1/RPMS/gpdf-0.132-3.4.101mdk.x86_64.rpm
391b99e6a4f37385493acde18209f85c  x86_64/10.1/SRPMS/gpdf-0.132-3.4.101mdk.src.rpm

References