FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xpdf -- disk fill DoS vulnerability

Affected packages
xpdf < 3.00_7
kdegraphics < 3.4.2
gpdf < 2.10.0_2
cups-base < 1.1.23.0_5

Details

VuXML ID 24eee285-09c7-11da-bc08-0001020eed82
Discovery 2005-08-09
Entry 2005-08-12
Modified 2005-09-07

xpdf is vulnerable to a denial of service: opening a specially crafted PDF file can cause xpdf to create an infinitely large file, thereby filling up the /tmp partition.

Note that several applications contain an embedded version of xpdf, which makes them vulnerable to the same DoS. In CUPS this vulnerability would cause the pdftops filter to crash.

References

Bugtraq ID 14529
CVE Name CVE-2005-2097
URL http://rhn.redhat.com/errata/RHSA-2005-670.html
URL http://www.kde.org/info/security/advisory-20050809-1.txt