MDKSA-2006:012
- Package name: kdegraphics
- Date: 2006-01-12
- Advisory ID: MDKSA-2006:012
- Affected versions: CS3.0 i586, 2006.0 i586, 2006.0 x86_64, CS3.0 x86_64
Problem description
Multiple heap-based buffer overflows in the
DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions
in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier
allow user-complicit attackers to cause a denial of service (heap
corruption) and possibly execute arbitrary code via a crafted PDF file
with an out-of-range number of components (numComps), which is used as
an array index. (CVE-2005-3191)

Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01
allows remote attackers to execute arbitrary code via a PDF file with
an out-of-range numComps (number of components) field. (CVE-2005-3192)

Heap-based buffer overflow in the JPXStream::readCodestream function
in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier
allows user-complicit attackers to cause a denial of service (heap
corruption) and possibly execute arbitrary code via a crafted PDF file
with large size values that cause insufficient memory to be allocated.
(CVE-2005-3193)

An additional patch re-addresses memory allocation routines in
goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE).

In addition, Chris Evans discovered several other vulnerabilities in
the xpdf code base:

- Out-of-bounds heap accesses with large or negative parameters to
  "FlateDecode" stream. (CVE-2005-3192)
- Out-of-bounds heap accesses with large or negative parameters to
  "CCITTFaxDecode" stream. (CVE-2005-3624)
- Infinite CPU spins in various places when stream ends unexpectedly.
  (CVE-2005-3625)
- NULL pointer crash in the "FlateDecode" stream. (CVE-2005-3626)
- Overflows of compInfo array in "DCTDecode" stream. (CVE-2005-3627)
- Possible to use index past end of array in "DCTDecode" stream.
  (CVE-2005-3627)
- Possible out-of-bounds indexing trouble in "DCTDecode" stream.
  (CVE-2005-3627)

Kdegraphics uses an embedded copy of the xpdf code, with the same
vulnerabilities.
The updated packages have been patched to correct these problems.
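
The two checks behind the DCT and JPX items above, as an added example (not the xpdf or kdegraphics patch): `read_sof` bounds the component count of a JPEG SOF payload before it is used as an array index, and `alloc_array` refuses a size computation that would wrap. `MAX_COMPS`, the struct layout and both function names are assumptions made for the illustration, and the sample bytes are constructed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdlib.h>

#define MAX_COMPS 4  /* assumed capacity of the fixed per-component table */
typedef struct { int id, hSample, vSample, quantTable; } CompInfo;
typedef struct { int width, height, numComps; CompInfo compInfo[MAX_COMPS]; } FrameHeader;

/* Constructed sample: 8-bit, 16x16, 3 components (not from a real file). */
static const unsigned char SAMPLE_SOF[] = {
    8, 0, 16, 0, 16, 3,  1, 0x22, 0,  2, 0x11, 1,  3, 0x11, 1 };

/* Parse a JPEG SOF payload: precision(1) height(2) width(2) numComps(1),
 * then 3 bytes per component. Returns 0 on success, -1 if rejected. */
int read_sof(const unsigned char *p, size_t len, FrameHeader *h)
{
    if (len < 6)
        return -1;                       /* truncated fixed part */
    int n = p[5];
    /* numComps indexes compInfo[], so bound it before any write. */
    if (n <= 0 || n > MAX_COMPS)
        return -1;
    /* Refuse short input instead of reading past the end of the data. */
    if (len < 6 + (size_t)n * 3)
        return -1;
    h->height = (p[1] << 8) | p[2];
    h->width = (p[3] << 8) | p[4];
    h->numComps = n;
    for (int i = 0; i < n; i++) {
        const unsigned char *c = p + 6 + 3 * i;
        h->compInfo[i].id = c[0];
        h->compInfo[i].hSample = c[1] >> 4;
        h->compInfo[i].vSample = c[1] & 0x0f;
        h->compInfo[i].quantTable = c[2];
    }
    return 0;
}

/* Overflow-checked array allocation: returns NULL instead of a short
 * buffer when count * elemSize is non-positive or would exceed INT_MAX. */
void *alloc_array(int count, int elemSize)
{
    if (count <= 0 || elemSize <= 0)
        return NULL;
    if (count > INT_MAX / elemSize)
        return NULL;
    return malloc((size_t)count * (size_t)elemSize);
}
```
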
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3628
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3193
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3192
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3191
