* SECURITY UPDATE:
- CVE-2007-4352: Array index error in the DCTStream::readProgressiveDataUnit
method in xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows
remote attackers to trigger memory corruption and execute arbitrary code
via a crafted PDF file.
- CVE-2007-5392: Integer overflow in the DCTStream::reset method in
xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows remote attackers
to execute arbitrary code via a crafted PDF file, resulting in a
heap-based buffer overflow.
- CVE-2007-5393: Heap-based buffer overflow in the CCITTFaxStream::lookChar
method in xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows
remote attackers to execute arbitrary code via a PDF file that contains
a crafted CCITTFaxDecode filter.
* debian/patches/fix-CVE-2007-5393_2007-5392_2007-4352.dpatch: added patch by
Nico Golde <[EMAIL PROTECTED]> to fix those issues (LP: #160944)
* References:
CVE-2007-4352
CVE-2007-5392
CVE-2007-5393
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=450629
** Attachment added: "gutsy debdiff to fix this three CVE issues"
http://launchpadlibrarian.net/10340087/gutsy_xpdf_3.02-1.2ubuntu1.1.debdiff
--
[xpdf] multiple security vulnerabilities
https://bugs.launchpad.net/bugs/160944