Package: cupsys
Version: 1.1.23-11
Severity: important
Tags: etch sarge sid security patch

The cupsys package in all distributions is vulnerable to a local attack that could cause a DoS:

From http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2097

"xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information."

Attached is the patch that has been used in the Fedora Core 3 update (FEDORA-2005-733 : cups-CAN-2005-2097.patch)

Regards

Javier

--- cups-1.1.22rc1/pdftops/FontFile.cxx.CAN-2005-2097 2005-07-29 16:19:40.000000000 +0100 +++ cups-1.1.22rc1/pdftops/FontFile.cxx 2005-07-29 16:33:40.000000000 +0100 @@ -18,6 +18,7 @@ #include <stdarg.h> #include <string.h> #include <ctype.h> +#include <error.h> #include "gmem.h" #include "GHash.h" #include "Error.h" @@ -3572,6 +3573,9 @@ } else { origLocaTable[i].pos = 2 * getUShort(pos + 2*i); } + + if (origLocaTable[i].pos < 0 || origLocaTable[i].pos > len) + error (1, 0, "bad loca table pos value"); } qsort(origLocaTable, nGlyphs + 1, sizeof(TrueTypeLoca), &cmpTrueTypeLocaPos); for (i = 0; i < nGlyphs; ++i) {
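
Review bot: In the first hunk (@@ -18,6 +18,7 @@), `#include <error.h>` pulls in a glibc-specific header, so FontFile.cxx stops building against any libc that does not ship it. It also lands two lines above the existing `#include "Error.h"`, a name that differs only in case, which is easy to misread and fragile on case-insensitive filesystems. Suggest reporting the failure through whatever "Error.h" already declares rather than adding the GNU header, or guarding the include if it has to stay.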
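
Review bot: In the second hunk (@@ -3572,6 +3573,9 @@), `error (1, 0, "bad loca table pos value");` passes a non-zero status, so with glibc's error() the whole process exits from inside the loop on the first bad entry instead of handing a failure back to the caller, and any cleanup the caller would have done never runs. Suggest marking the font as invalid and returning before the `qsort` call, so that one malformed font does not end the process. Two smaller points on the same lines: the bound `origLocaTable[i].pos > len` still accepts `pos == len`, which deserves a comment saying whether that is intended, and the message would be more useful for triage if it included `i` and the offending value.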