[xpdf] multiple security vulnerabilities
Bug #160944 reported by
disabled.user
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Fedora |
Fix Released
|
High
|
|||
poppler (Debian) |
Fix Released
|
Unknown
|
|||
poppler (Ubuntu) |
Fix Released
|
Undecided
|
Jamie Strandboge | ||
xpdf (Ubuntu) |
Fix Released
|
Undecided
|
Stephan Rügamer |
Bug Description
Binary package hint: xpdf
References:
http://
"Severity
Rating: Highly critical
Impact: System access
Where: Remote
Secunia Research has discovered some vulnerabilities in Xpdf, which can
be exploited by malicious people to compromise a user's system."
xpdf is in universe, but perhaps there are some supported packages that are affected by these issues?
Related branches
Changed in xpdf: | |
assignee: | nobody → shermann |
status: | New → In Progress |
Changed in poppler: | |
status: | In Progress → Fix Released |
Changed in poppler: | |
status: | Unknown → Fix Released |
Changed in fedora: | |
importance: | Unknown → High |
To post a comment you must log in.
Alin Rad Pop of the Secunia Research discovered a vulnerability in
xpdf/Stream.cc code:
An array indexing error exists within the "DCTStream: :readProgressiv eDataUnit( )"
method in xpdf/Stream.cc. This can be exploited to corrupt memory via a
specially crafted PDF file.