---

Gentoo Linux Security Advisory GLSA 200601-17

---

                                        http://security.gentoo.org/

---

Severity: Normal
Title: Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap
overflows
Date: January 30, 2006
Bugs: #117481, #117494, #117495, #115789, #118665
ID: 200601-17

---

Synopsis

Xpdf, Poppler, GPdf, libextractor and pdftohtml are vulnerable to
integer overflows that may be exploited to execute arbitrary code.

Background

Xpdf is a PDF file viewer that runs under the X Window System. Poppler
is a PDF rendering library based on the Xpdf 3.0 code base. GPdf is a
PDF file viewer for the GNOME 2 platform, also based on Xpdf.
libextractor is a library which includes Xpdf code to extract arbitrary
meta-data from files. pdftohtml is a utility to convert PDF files to
HTML or XML formats that makes use of Xpdf code to decode PDF files.

Affected packages

-------------------------------------------------------------------
 Package                  /   Vulnerable   /            Unaffected
-------------------------------------------------------------------

1 app-text/xpdf < 3.01-r5 >= 3.01-r5
2 app-text/poppler < 0.4.3-r4 >= 0.4.3-r4
3 app-text/gpdf < 2.10.0-r3 >= 2.10.0-r3
4 media-libs/libextractor < 0.5.9 >= 0.5.9
5 app-text/pdftohtml < 0.36-r4 Vulnerable!
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers.
-------------------------------------------------------------------
5 affected packages on all of their supported architectures.
-------------------------------------------------------------------

Description

Chris Evans has reported some integer overflows in Xpdf when attempting
to calculate buffer sizes for memory allocation, leading to a heap
overflow and a potential infinite loop when handling malformed input
files.

Impact

By sending a specially crafted PDF file to a victim, an attacker could
cause an overflow, potentially resulting in the execution of arbitrary
code with the privileges of the user running the application.

Workaround

There is no known workaround at this time.

Resolution

All Xpdf users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/xpdf-3.01-r5"

All Poppler users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/poppler-0.4.3-r4"

All GPdf users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/gpdf-2.10.0-r3"

All libextractor users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/libextractor-0.5.9"

All pdftohtml users should migrate to the latest stable version of
Poppler.

References

[ 1 ] CVE-2005-3627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
[ 2 ] CVE-2005-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
[ 3 ] CVE-2005-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
[ 4 ] CVE-2005-3624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200601-17.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0