FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xpdf -- buffer overflow vulnerability

Affected packages
xpdf < 3.00_5
kdegraphics < 3.3.2_1
gpdf <= 2.8.1
teTeX-base <= 2.0.2_6
cups-base <= 1.1.22.0
koffice <= 1.3.5,1
pdftohtml < 0.36_1

Details

VuXML ID e3e266e9-5473-11d9-a9e7-0001020eed82
Discovery 2004-11-23
Entry 2004-12-23
Modified 2005-01-13

An iDEFENSE Security Advisory reports:

Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer, as included in multiple Linux distributions, could allow attackers to execute arbitrary code as the user viewing a PDF file. The offending code can be found in the Gfx::doImage() function in the source file xpdf/Gfx.cc.

References

CVE Name CVE-2004-1125
URL http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities