FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Xpdf -- Multiple Vulnerabilities

Affected packages
xpdf < 3.02_11

Details

VuXML ID 8581189c-bd5f-11de-8709-0017a4cccfc6
Discovery 2009-10-14
Entry 2009-10-20

SecurityFocus reports:

Some vulnerabilities have been reported in Xpdf, which can be exploited by malicious people to potentially compromise a user's system.

1) Multiple integer overflows in "SplashBitmap::SplashBitmap()" can be exploited to cause heap-based buffer overflows.

2) An integer overflow error in "ObjectStream::ObjectStream()" can be exploited to cause a heap-based buffer overflow.

3) Multiple integer overflows in "Splash::drawImage()" can be exploited to cause heap-based buffer overflows.

4) An integer overflow error in "PSOutputDev::doImageL1Sep()" can be exploited to cause a heap-based buffer overflow when converting a PDF document to a PS file.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code by tricking a user into opening a specially crafted PDF file.
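The bug class named in items 1 to 4, shown as an added example (this is not Xpdf's code and not part of the advisory): a buffer size computed from file-supplied dimensions wraps, so the allocation is smaller than the data later written into it. The function names and the 1 GiB cap are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap for one bitmap; not a value from Xpdf or the advisory. */
#define BITMAP_MAX_BYTES ((size_t)1 << 30)

/* Unchecked pattern, modelled in uint32_t so the wrap is well defined:
 * the product is reduced modulo 2^32 before it reaches the allocator. */
uint32_t unchecked_size(uint32_t width, uint32_t height, uint32_t comps)
{
    return width * comps * height;
}

/* Checked form: returns the byte count, or 0 if a dimension is not
 * positive or the product would exceed BITMAP_MAX_BYTES. Each bound is
 * tested by division before the multiplication is performed. */
size_t bitmap_size(int width, int height, int comps)
{
    if (width <= 0 || height <= 0 || comps <= 0)
        return 0;
    size_t w = (size_t)width, h = (size_t)height, c = (size_t)comps;
    if (w > BITMAP_MAX_BYTES / c)
        return 0;
    size_t row = w * c;
    if (h > BITMAP_MAX_BYTES / row)
        return 0;
    return row * h;
}

/* Allocate a zeroed bitmap, refusing sizes the check rejects. */
unsigned char *bitmap_alloc(int width, int height, int comps)
{
    size_t n = bitmap_size(width, height, comps);
    return n ? calloc(1, n) : NULL;
}

int main(void)
{
    /* Constructed dimensions: 0x40000001 pixels wide, 4 bytes per pixel. */
    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(0x40000001u, 1, 4));
    printf("checked:   %zu bytes (0 = rejected)\n", bitmap_size(0x40000001, 1, 4));
    printf("640x480x3: %zu bytes\n", bitmap_size(640, 480, 3));
    return 0;
}
```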

References

URL http://secunia.com/advisories/37053/
URL http://www.securityfocus.com/archive/1/507261