Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=f5974a8e0f4554231d8affe8d5fddad4aca05cbe

commit f5974a8e0f4554231d8affe8d5fddad4aca05cbe
Author: Miklos Vajna <vmik...@frugalware.org>
Date:   Mon Aug 22 00:45:24 2011 +0200

FSA735-xpdf

diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index 23fa3e0..1390a5d 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
@@ -26,6 +26,27 @@

<fsas>
<fsa>
+               <id>735</id>
+               <date>2011-08-22</date>
+               <author>Miklos Vajna</author>
+               <package>xpdf</package>
+               <vulnerable>3.02-6</vulnerable>
+               <unaffected>3.02-7mores1</unaffected>
+               <bts>http://bugs.frugalware.org/task/4236</bts>
+               <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1188
+                       
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3603
+                       
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3604
+                       
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3606
+                       
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3608
+                       
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3609</cve>
+               <desc>Some vulnerabilities have been reported in Xpdf, which 
can be exploited by malicious people to potentially compromise a user's system.
+1) Multiple integer overflows in "SplashBitmap::SplashBitmap()" can be 
exploited to cause heap-based buffer overflows.
+2) An integer overflow error in "ObjectStream::ObjectStream()" can be 
exploited to cause a heap-based buffer overflow.
+3) Multiple integer overflows in "Splash::drawImage()" can be exploited to 
cause heap-based buffer overflows.
+4) An integer overflow error in "PSOutputDev::doImageL1Sep()" can be exploited 
to cause a heap-based buffer overflow when converting a PDF document to a PS 
file.
+Successful exploitation of the vulnerabilities may allow execution of 
arbitrary code by tricking a user into opening a specially crafted PDF 
file.</desc>
+       </fsa>
+       <fsa>
<id>734</id>
<date>2011-08-17</date>
<author>Miklos Vajna</author>
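Review bot: the <desc> in the new FSA 735 entry enumerates four issues, 1) to 4), while the <cve> element just above it lists six identifiers (CVE-2009-1188, CVE-2009-3603, CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609), and nothing in the entry maps an identifier to a function. Suggest appending the matching CVE id to each numbered item, and saying explicitly if any of the six is fixed by 3.02-7mores1 without being described, so someone triaging against a CVE list can confirm coverage from the advisory alone. A smaller point on the same element: the six URLs sit in a single <cve> separated only by newlines and indentation, so any consumer of security.xml must split on whitespace; if the format permits repeated elements, one <cve> per URL would be easier to parse reliably.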
_______________________________________________
Frugalware-git mailing list
Frugalware-git@frugalware.org
http://frugalware.org/mailman/listinfo/frugalware-git