Poppler and Xpdf are vulnerable to an integer overflow in the
StreamPredictor::StreamPredictor function, and a stack overflow in the
StreamPredictor::getNextLine function. The original vulnerability was
discovered by Maurycy Prodeus. Note: Gentoo's version of Xpdf is
patched to use the Poppler library, so the update to Poppler will also
fix Xpdf.
Impact
======
By enticing a user to view a specially crafted program with a
Poppler-based PDF viewer such as Gentoo's Xpdf, Epdfview, or Evince, a
remote attacker could cause an overflow, potentially resulting in the
execution of arbitrary code with the privileges of the user running the
application.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Poppler users should upgrade to the latest version of Poppler:
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security (at) gentoo (dot) org [email concealed] or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
Gentoo Linux Security Advisory GLSA 200709-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Poppler: Two buffer overflow vulnerabilities
Date: September 19, 2007
Bugs: #188863
ID: 200709-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Poppler is vulnerable to an integer overflow and a stack overflow.
Background
==========
Poppler is a cross-platform PDF rendering library originally based on
Xpdf.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/poppler < 0.5.4-r2 >= 0.5.4-r2
Description
===========
Poppler and Xpdf are vulnerable to an integer overflow in the
StreamPredictor::StreamPredictor function, and a stack overflow in the
StreamPredictor::getNextLine function. The original vulnerability was
discovered by Maurycy Prodeus. Note: Gentoo's version of Xpdf is
patched to use the Poppler library, so the update to Poppler will also
fix Xpdf.
Impact
======
By enticing a user to view a specially crafted program with a
Poppler-based PDF viewer such as Gentoo's Xpdf, Epdfview, or Evince, a
remote attacker could cause an overflow, potentially resulting in the
execution of arbitrary code with the privileges of the user running the
application.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Poppler users should upgrade to the latest version of Poppler:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/poppler-0.5.4-r2"
References
==========
[ 1 ] CVE-2007-3387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200709-12.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security (at) gentoo (dot) org [email concealed] or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iQEVAwUBRvGZIjvRww8BFPxFAQLe9Qf+IhF34FlvyC/dFfQKua7rw/mzZWHxMa0u
hwkBRm1cp8htK0FGTtoLT9wflBb+wMBU/8sf06pOCgz0isJWXjjCBVZWitpagld8
uEgSAdjRCAtYWBZ85ESQUPZhu7iRykWdnavgx4BGY5BIqWdaxAL2GyOuKmWeQ2GH
DS47bBvvKZiJT2vHvnRcH/GFs31xv0OKpHaTEWe9uLgWFh398GJG5nFuGYFTHOXu
wR+loFkYi5bFbg/RCqsIPkWZbCPVdfILRC0J5HXZQYc491tF50c7U/pyGTlA4Dx3
ecGi+Anr6pTaDDpzOe2JR6igw6a5lgid2sIHz/DThkgdkKFfdCoYZw==
=rmwm
-----END PGP SIGNATURE-----
[ reply ]