Xpdf/CUPS pdftops Integer Overflow Vulnerability

Solution:
This issue has been addressed in CUPS 1.1.18 and later.

Conectiva has released advisory CLA-2003:702 to address this issue. Further information regarding obtaining and applying fixes can be found in the referenced advisory.

Gentoo Linux has released an advisory. Users who have installed app-text/xpdf-1.01-r1 or earlier are advised to update their systems by issuing the following commands:

emerge rsync
emerge xpdf
emerge clean

Debian has released an advisory (DSA 222-1) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

The Xpdf vendor has released a patch which addresses this issue. Users are advised to upgrade to Xpdf 2.01 and apply the patch.


Xpdf Xpdf 0.90

Xpdf Xpdf 0.92

Xpdf Xpdf 1.0 1

Xpdf Xpdf 1.0 0

Easy Software Products CUPS 1.0.4 -8

Easy Software Products CUPS 1.0.4

Easy Software Products CUPS 1.1.1

Easy Software Products CUPS 1.1.10

Easy Software Products CUPS 1.1.13

Easy Software Products CUPS 1.1.14

Easy Software Products CUPS 1.1.17

Easy Software Products CUPS 1.1.4 -5

Easy Software Products CUPS 1.1.4 -2

Easy Software Products CUPS 1.1.4

Easy Software Products CUPS 1.1.4 -3

Easy Software Products CUPS 1.1.6

Easy Software Products CUPS 1.1.7

Xpdf Xpdf 2.0 1


 

Privacy Statement
Copyright 2010, SecurityFocus