Package: xpdf-reader
Version: 3.02-1.4
Severity: grave
Justification: security
$ wget http://www.adobe.com/products/postscript/pdfs/PLRM.pdf
...
$ sha256sum PLRM.pdf
6b29e79e4ab64aaa61a3fb27a0f36838c01f2530362873ac316bdb493a1bab6b PLRM.pdf
$ xpdf PLRM.pdf
... (scoll down a few pages)
Segmentation fault (core dumped)
$ gdb /usr/bin/xpdf.bin core
...
Core was generated by `xpdf PLRM.pdf'.
Program terminated with signal 11, Segmentation fault.
[New process 3773]
#0 0x2baa8263045a in XPutImage () from /usr/lib/libX11.so.6
(gdb) bt
#0 0x2baa8263045a in XPutImage () from /usr/lib/libX11.so.6
#1 0x0049acaa in ?? ()
#2 0x00465686 in ?? ()
#3 0x004686a0 in ?? ()
#4 0x0049cbb8 in ?? ()
#5 0x0046451c in ?? ()
#6 0x004a630d in ?? ()
#7 0x004a68a2 in ?? ()
#8 0x0049b8a0 in ?? ()
#9 0x2baa81958a1f in XtCallCallbackList () from /usr/lib/libXt.so.6
#10 0x2baa81653bc5 in _XmDrawingAreaInput () from /usr/lib/libXm.so.2
#11 0x2baa8198dabe in ?? () from /usr/lib/libXt.so.6
#12 0x2baa8198ded9 in ?? () from /usr/lib/libXt.so.6
#13 0x2baa8198e5df in _XtTranslateEvent () from /usr/lib/libXt.so.6
#14 0x2baa8196632a in XtDispatchEventToWidget () from /usr/lib/libXt.so.6
#15 0x2baa819669f6 in ?? () from /usr/lib/libXt.so.6
#16 0x2baa81965b3b in XtDispatchEvent () from /usr/lib/libXt.so.6
#17 0x2baa81965ca3 in XtAppMainLoop () from /usr/lib/libXt.so.6
#18 0x004aa0e6 in ?? ()
#19 0x2baa832c91a6 in __libc_start_main () from /lib/libc.so.6
#20 0x00406329 in ?? ()
#21 0x7fff29be5178 in ?? ()
#22 0x001c in ?? ()
#23 0x0002 in ?? ()
#24 0x7fff29be5812 in ?? ()
#25 0x7fff29be5817 in ?? ()
#26 0x in ?? ()
(gdb) quit
$
I do not know whether this has a security impact[1], so I go the safe
way and report this as a security issue. If it turns out to be harmless,
please downgrade the severity.
Helmut
[1] xpdf is often automatically launched by webbrowsers or even
mozplugger. So if this is exploitable it allows user assisted code
execution.
-- System Information:
Debian Release: 5.0
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.23.14 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Versions of packages xpdf depends on:
ii xpdf-common 3.02-1.4 Portable Document Format (PDF) sui
ii xpdf-reader 3.02-1.4 Portable Document Format (PDF) sui
ii xpdf-utils3.02-1.4 Portable Document Format (PDF) sui
xpdf recommends no packages.
xpdf suggests no packages.
Versions of packages xpdf-reader depends on:
ii gsfonts 1:8.11+urwcyr1.0.7~pre44-4 Fonts for the Ghostscript interpre
ii lesstif2 1:0.95.0-2.1 OSF/Motif 2.1 implementation relea
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libfreetype6 2.3.7-2FreeType 2 font engine, shared lib
ii libgcc1 1:4.3.2-3 GCC support library
ii libice6 2:1.0.4-1 X11 Inter-Client Exchange library
ii libpaper1 1.1.23+nmu1library for handling paper charact
ii libsm62:1.0.3-2 X11 Session Management library
ii libstdc++64.3.2-3The GNU Standard C++ Library v3
ii libt1-5 5.1.2-3Type 1 font rasterizer library - r
ii libx11-6 2:1.1.5-2 X11 client-side library
ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar
ii libxp61:1.0.0.xsf1-2 X Printing Extension (Xprint) clie
ii libxpm4 1:3.5.7-1 X11 pixmap library
ii libxt61:1.0.5-3 X11 toolkit intrinsics library
ii xpdf-common 3.02-1.4 Portable Document Format (PDF) sui
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org