xpdf

• Author: voroskoi
• Vulnerable: 3.02-3
• Unaffected: 3.02-4sayshell1

Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user’s system.

1. An array indexing error within the “DCTStream::readProgressiveDataUnit()” method in xpdf/Stream.cc can be exploited to corrupt memory via a specially crafted PDF file.
2. An integer overflow error within the “DCTStream::reset()” method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.
3. A boundary error within the “CCITTFaxStream::lookChar()” method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow by tricking a user into opening a PDF file containing a specially crafted “CCITTFaxDecode” filter. Successful exploitation allows execution of arbitrary code.

• Bug Tracker URL: http://bugs.frugalware.org/task/2558

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393