MDKSA-2005:017

Package name

xpdf

Date

2005-01-25

Advisory ID

MDKSA-2005:017

Affected versions

CS2.1 x86_64 , 10.0 amd64 , 10.1 i586 , 10.0 i586 , CS3.0 i586 , CS2.1 i586 , 10.1 x86_64

Problem description

A buffer overflow vulnerability was discovered in the xpdf PDF viewer, which could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. The updated packages have been patched to prevent these problems.

Updated packages

CS2.1 x86_64

 2d48f20adea08eb27f25469cf66d4be8  x86_64/corporate/2.1/RPMS/xpdf-1.01-4.8.C21mdk.x86_64.rpm
b3a3a37961c14abe80eda3d170ab3550  x86_64/corporate/2.1/SRPMS/xpdf-1.01-4.8.C21mdk.src.rpm

10.0 amd64

 661d716961ace2071ec87bedb51811da  amd64/10.0/RPMS/xpdf-3.00-5.4.100mdk.amd64.rpm
1990c8a678ea40233f5dc12c3a503fa2  amd64/10.0/SRPMS/xpdf-3.00-5.4.100mdk.src.rpm

10.1 i586

 5eb526adbcae9193ce09fa06724215c3  10.1/RPMS/xpdf-3.00-7.3.101mdk.i586.rpm
5eb526adbcae9193ce09fa06724215c3  10.1/SRPMS/xpdf-3.00-7.3.101mdk.i586.rpm

10.0 i586

 8fe688c70f2d61ff8750e21f75eebeb3  10.0/RPMS/xpdf-3.00-5.4.100mdk.i586.rpm
1990c8a678ea40233f5dc12c3a503fa2  10.0/SRPMS/xpdf-3.00-5.4.100mdk.src.rpm

CS3.0 i586

 681b0e2029b8d4e468e4e94d9f76d0f7  corporate/3.0/RPMS/xpdf-3.00-5.4.C30mdk.i586.rpm
ab09023403f50e92c11ea277e9819f8a  corporate/3.0/SRPMS/xpdf-3.00-5.4.C30mdk.src.rpm

CS2.1 i586

 e890707f2e00fd17a06ff2fb6545b5dd  corporate/2.1/RPMS/xpdf-1.01-4.8.C21mdk.i586.rpm
b3a3a37961c14abe80eda3d170ab3550  corporate/2.1/SRPMS/xpdf-1.01-4.8.C21mdk.src.rpm

10.1 x86_64

 62c8956238470dde55e328c2d397e276  x86_64/10.1/RPMS/xpdf-3.00-7.3.101mdk.x86_64.rpm
5eb526adbcae9193ce09fa06724215c3  x86_64/10.1/SRPMS/xpdf-3.00-7.3.101mdk.i586.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064