Debian
xpdf package

  1. Bug #12059
  2. Comment #5

Comment 5 for bug 12059

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Wed, 19 Jan 2005 21:16:27 +0100
From: Martin Schulze <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: Re: Bug#291266: vulnerable to CAN-2005-0064

Joey Hess wrote:
> xpdf is vulnerable to a buffer overflow that can be exploited by
> malicious pdfs to execute arbitrary code. The hole is described here:
> http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities&flashstatus=false
>
> I've attached a patch that adds bounds checking to close the hole.

For the unstable distribution (sid) this problem has been fixed in
version 3.00-12.

It's in Incoming already.

Just FYI.

Regards,

 Joey

--
Ten years and still binary compatible. -- XFree86

Please always Cc to me when replying to me on the lists.