Support / Sécurité / Annonces de sécurité / Mandriva Linux 2007.1 / MDKSA-2007:160

Nom du paquet: pdftohtml
Date: 2007-08-13
Advisory ID: MDKSA-2007:160
Affected versions: 2007.1 x86_64 , 2007.1 i586 , 2007.0 x86_64 , 2007.0 i586

Problem description

Maurycy Prodeus found an integer overflow vulnerability in the way
various PDF viewers processed PDF files. An attacker could create a
malicious PDF file that could cause pdftohtml to crash and possibly
execute arbitrary code open a user opening the file.

This update provides packages which are patched to prevent these
issues.

Updated packages

2007.1 x86_64

 2d572fa290a490bbcaff73898c95a2af  2007.1/x86_64/pdftohtml-0.39-1.1mdv2007.1.x86_64.rpm 
 17a547b0f2d2fecc5800083143dc730f  2007.1/SRPMS/pdftohtml-0.39-1.1mdv2007.1.src.rpm

2007.1 i586

 66426070761def5ae0ee9f6f1b174a46  2007.1/i586/pdftohtml-0.39-1.1mdv2007.1.i586.rpm 
 17a547b0f2d2fecc5800083143dc730f  2007.1/SRPMS/pdftohtml-0.39-1.1mdv2007.1.src.rpm

2007.0 x86_64

 686d03f528d949957ff5884bb505d762  2007.0/x86_64/pdftohtml-0.36-5.2mdv2007.0.x86_64.rpm 
 ed0f9331d0f7042c9ef0df41d28c1e69  2007.0/SRPMS/pdftohtml-0.36-5.2mdv2007.0.src.rpm

2007.0 i586

 4592a1f7115b10ad63444f4573a30365  2007.0/i586/pdftohtml-0.36-5.2mdv2007.0.i586.rpm 
 ed0f9331d0f7042c9ef0df41d28c1e69  2007.0/SRPMS/pdftohtml-0.36-5.2mdv2007.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387