FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xpdf -- makeFileKey2() buffer overflow vulnerability

Affected packages
xpdf < 3.00_6
kdegraphics < 3.3.2_2
gpdf < 2.8.3
teTeX-base < 2.0.2_9
cups-base < 1.1.23.0_3
koffice < 1.3.5_2,1
pdftohtml < 0.36_2

Details

VuXML ID f755545e-6fcd-11d9-abec-00061bd2d56f
Discovery 2005-01-06
Entry 2005-01-26
Modified 2005-02-03

An iDEFENSE Security Advisory reports:

Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer included in multiple Unix and Linux distributions could allow for arbitrary code execution as the user viewing a PDF file.

The vulnerability specifically exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. The offending code can be found in the Decrypt::makeFileKey2 function in the source file xpdf/Decrypt.cc.

References

CVE Name CVE-2005-0064
Message FB24803D1DF2A34FA59FC157B77C970503C8B298@idserv04.idef.com
URL http://www.koffice.org/security/advisory-20050120-1.txt