Ubuntu
koffice package

[kpdf] multiple xpdf based vulnerabilities

Bug #160948 reported by disabled.user
254
Affects Status Importance Assigned to Milestone
kdegraphics (Ubuntu)
Invalid
Undecided
Unassigned
koffice (Ubuntu)
Fix Released
Undecided
Jamie Strandboge

Bug Description

Binary package hint: kpdf

References:
http://www.kde.org/info/security/advisory-20071107-1.txt

"Systems affected:
KDE 3.2.0 up to including KDE 3.5.8.
All KOffice 1.x releases.

Overview:
kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
multiple vulnerabilities that can crash kpdf or possibly
execute arbitrary code. The issues were reported by Secunia
Research. Similiar xpdf based code also exists in kword
pdf import filters of KOffice 1.x."

See also Bug #160944.

From Bug #129940 I remember that Ubuntu's kpdf/kdegraphics/koffice relies on poppler, but since I'm not sure if the reported issues don't affect (K)Ubuntu's packages, I'm submitting this bug report.

CVE References

Revision history for this message
Kees Cook (kees) wrote :

Thanks for this report! This is being worked on and will be released shortly.

Changed in koffice:
assignee: nobody → jamie-strandboge
status: New → In Progress
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

kdegraphics/kpdf in all currect releases of Ubuntu does use poppler, which has been updated.

Changed in koffice:
status: In Progress → Fix Released
Changed in kdegraphics:
status: New → Invalid
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.