|
|
>> Xpdf PDF File Handling Multiple Integer and Stack Overflow Vulnerabilities
|
Title : Xpdf PDF File Handling Multiple Integer and Stack Overflow Vulnerabilities
VUPEN ID : VUPEN/ADV-2007-2704
CVE ID : CVE-2007-3387
Rated as : High Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-07-31
|
Two vulnerabilities have been identified in Xpdf, which could be exploited by remote attackers to cause a denial of service or compromise an affected system. These issues are caused by an integer overflow error in the "StreamPredictor::StreamPredictor()" [xpdf/Stream.cc] function and a stack overflow error in the "StreamPredictor::getNextLine()" [xpdf/Stream.cc] function when processing malformed data, which could be exploited by attackers to crash a vulnerable application or execute arbitrary code by tricking a user into opening a specially crafted PDF file.
Affected Products
xpdf version 3.02 and prior
Solution
Apply patch :
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch
References
http://www.vupen.com/english/advisories/2007/2704
http://www.gentoo.org/security/en/glsa/glsa-200709-12.xml
Credits
Vulnerability reported by Maurycy Prodeus (iSEC).
ChangeLog
2007-07-31 : Initial release
2007-09-20 : Updated References
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
