• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

XPDF JPX Stream Reader Remote Heap Buffer Overflow Vulnerability

References:

• ASA-2007-281 - Multiple Security Vulnerabilities in the Solaris Gnome PDF Viewer (Avaya)
  
• Bug 313117: gpdf: DoS from XPDF issue (GNOME)
  
• Debian Bug report logs - #342287 kpdf: source taken from xpdf may introduce heap (Debian)
  
• Debian Bug report logs - #342292 tetex-bin: Multiple exploitable heap overflows (Debian)
  
• DSA-961-1 pdfkit.framework -- buffer overflows (Debian)
  
• DSA-962-1 pdftohtml -- buffer overflows (Debian)
  
• Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability (iDEFENSE)
  
• Multiple Vendor xpdf DCTStream Progressive Heap Overflow (iDEFENSE)
  
• Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability (iDEFENSE)
  
• Multiple Vendor xpdf StreamPredictor Heap Overflow Vulnerability (iDEFENSE)
  
• RHSA-2005:840-10 - xpdf security update (RedHat)
  
• RHSA-2005:840-5 - xpdf security update (RedHat)
  
• RHSA-2005:867-5 - gpdf security update (RedHat)
  
• RHSA-2005:868-4 - kdegraphics security update (RedHat)
  
• RHSA-2005:878-4 - cups security update (RedHat)
  
• RHSA-2006:0160-14 - tetex security update (RedHat)
  
• Sun Alert ID: 102972 - Multiple Security Vulnerabilities in the Solaris Gnome PD (Sun)
  
• TLSA-2006-2 - Multiple vulnerabilities exist in cups (TurboLinux)
  
• Xpdf Home Page (Xpdf)
  
• [DSA 950-1] New CUPS packages fix arbitrary code execution (joey@infodrom.org (Martin Schulze))