SecurityTracker: (KDE Issues Fix for kpdf) Xpdf Bugs in streams and t1lib Let Remote Users Execute Arbitrary Code

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > KDE

Vendors: KDE.org

(KDE Issues Fix for kpdf) Xpdf Bugs in streams and t1lib Let Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1018919

SecurityTracker URL: http://securitytracker.com/id/1018919

CVE Reference: CVE-2007-4352, CVE-2007-5392, CVE-2007-5493 (Links to External Site)

Date: Nov 8 2007

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): KDE 3.2.0 through 3.5.8; KOffice 1.x

Description: Several vulnerabilities were reported in Xpdf. A remote user can cause arbitrary code to be executed on the target user's system. Kpdf is affected.

A remote user can create a specially crafted PDF file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

A specially crafted Type 1 font filename can trigger a flaw in the t1lib library and cause code execution [CVE-2007-4033]

Specially crafted data can trigger a memory corruption error in the DCTStream::readProgressiveDataUnit() function in 'xpdf/Stream.cc' [CVE-2007-4352].

Specially crafted data can trigger an integer overflow in the DCTStream::reset() function in 'xpdf/Stream.cc' [CVE-2007-5392].

A specially crafted CCITTFaxDecode filter can trigger a heap overflow in the CCITTFaxStream::lookChar() function in 'xpdf/Stream.cc' [CVE-2007-5393].

The vendor was notified on October 17, 2007.

Alin Rad Pop of Secunia Research reported three of these vulnerabilities. r0ut3r discovered one of these vulnerabilities.

Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution: The vendor has issued the following patches.

Patch for KOffice 1.6.3 and newer is available from
ftp://ftp.kde.org/pub/kde/security_patches :

1d6b58dbe1cab4b0168a8e4344f8d7af koffice-1.6.3-xpdf2-CVE-2007-4352-5392-5393.diff

Patch for KDE 3.5.8 and newer is available from
ftp://ftp.kde.org/pub/kde/security_patches :

eee08cb565c24ad645aad3136de5162d post-3.5.8-kdegraphics-kpdf.diff

Patch for KDE 3.5.5 and newer is available from
ftp://ftp.kde.org/pub/kde/security_patches :

b2214c8e8f6300e72bd92f9ba12a33c7 post-3.5.5-kdegraphics-CVE-2007-5393.diff

Patch for KDE 3.4.3 and newer is available from
ftp://ftp.kde.org/pub/kde/security_patches :

e7ff688250cee0e1d81f4d65fc0f9871 post-3.4.3-kdegraphics-CVE-2007-5393.diff

The KDE advisory is available at:

http://www.kde.org/info/security/advisory-20071107-1.txt

Cause: Access control error, Boundary error

Underlying OS: Linux (Any)

Message History: This archive entry is a follow-up to the message listed below.

Xpdf Bugs in streams and t1lib Let Remote Users Execute Arbitrary Code

Source Message Contents

Date: Thu, 8 Nov 2007 07:35:24 -0500
Subject: KDE



KDE Security Advisory: kpdf/kword/xpdf multiple xpdf based vulnerabilities
Original Release Date: 2007-11-07
URL: http://www.kde.org/info/security/advisory-20071107-1.txt

0. References
         CVE-2007-4352
         CVE-2007-5392
         CVE-2007-5493

1. Systems affected:

        KDE 3.2.0 up to including KDE 3.5.8.
        All KOffixe 1.x releases.


2. Overview:

        kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
        multiple vulnerabilities that can crash kpdf or possibly
        execute arbitrary code. The issues were reported by Secunia
        Research. Similiar xpdf based code also exists in kword
        pdf import filters of KOffice 1.x.


3. Impact:

        Remotely supplied pdf files can be used to disrupt the kpdf
        viewer on the client machine and possibly execute arbitrary code.


4. Solution:

        Source code patches have been made available which fix these
        vulnerabilities. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.


5. Patch:

        Patch for KOffice 1.6.3 and newer is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        1d6b58dbe1cab4b0168a8e4344f8d7af  koffice-1.6.3-xpdf2-CVE-2007-4352-5392-5393.diff


        Patch for KDE 3.5.8 and newer is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        eee08cb565c24ad645aad3136de5162d  post-3.5.8-kdegraphics-kpdf.diff


        Patch for KDE 3.5.5 and newer is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        b2214c8e8f6300e72bd92f9ba12a33c7  post-3.5.5-kdegraphics-CVE-2007-5393.diff

        Patch for KDE 3.4.3 and newer is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        e7ff688250cee0e1d81f4d65fc0f9871  post-3.4.3-kdegraphics-CVE-2007-5393.diff

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2012, SecurityGlobal.net LLC