Bug#324464: cupsys: DoS with broken PDF files CAN-2005-2097



Package: cupsys
Version: 1.1.23-11
Severity: important
Tags: etch sarge sid security patch

The cupsys package in all distributions is vulnerable to a local
attack that could cause a DoS:

From
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2097
"xpdf and kpdf do not properly validate the "loca" table in PDF files, which
allows local users to cause a denial of service (disk consumption and hang)
via a PDF file with a "broken" loca table, which causes a large temporary
file to be created when xpdf attempts to reconstruct the information."

Attached is the patch that has been used in the Fedora Core 3 update
(FEDORA-2005-733 : cups-CAN-2005-2097.patch)

Regards

Javier
--- cups-1.1.22rc1/pdftops/FontFile.cxx.CAN-2005-2097	2005-07-29 16:19:40.000000000 +0100
+++ cups-1.1.22rc1/pdftops/FontFile.cxx	2005-07-29 16:33:40.000000000 +0100
@@ -18,6 +18,7 @@
 #include <stdarg.h>
 #include <string.h>
 #include <ctype.h>
+#include <error.h>
 #include "gmem.h"
 #include "GHash.h"
 #include "Error.h"
@@ -3572,6 +3573,9 @@
     } else {
       origLocaTable[i].pos = 2 * getUShort(pos + 2*i);
     }
+
+    if (origLocaTable[i].pos < 0 || origLocaTable[i].pos > len)
+      error (1, 0, "bad loca table pos value");
   }
   qsort(origLocaTable, nGlyphs + 1, sizeof(TrueTypeLoca), &cmpTrueTypeLocaPos);
   for (i = 0; i < nGlyphs; ++i) {
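Review bot: the call error (1, 0, "bad loca table pos value") in the added check passes a non-zero status, so glibc's error() exits the whole process from inside the font parser. One malformed embedded font then terminates the filter with no chance for the caller to skip the font or release what it has already allocated. Prefer reporting the problem and returning a failure from this function. A short comment on why pos == len is accepted (only pos > len is rejected) would also help, since the entries are handed to qsort immediately afterwards and their lengths depend on neighbouring positions.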

Attachment: signature.asc
Description: Digital signature
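
An added example, not part of the original report or the Fedora patch: a standalone C check of a TrueType loca table that returns a status code to the caller instead of exiting. It also rejects descending offsets, which is stricter than the patch (the patch only bounds each position). The function name, status codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum loca_status { LOCA_OK, LOCA_TRUNCATED, LOCA_OUT_OF_RANGE, LOCA_NOT_ASCENDING };

/* TrueType tables are big-endian. */
static uint32_t be16(const uint8_t *p) { return ((uint32_t)p[0] << 8) | p[1]; }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Check every loca entry before any glyph data is copied.
 * n_glyphs comes from maxp (loca holds n_glyphs + 1 entries), long_format is
 * head.indexToLocFormat (0: uint16 storing offset/2, 1: uint32), and
 * glyf_len is the size of the glyf table the offsets point into. */
enum loca_status loca_validate(const uint8_t *loca, size_t loca_len,
                               uint16_t n_glyphs, int long_format, uint32_t glyf_len)
{
    size_t entry = long_format ? 4 : 2;
    size_t count = (size_t)n_glyphs + 1;
    uint32_t prev = 0;

    if (count > loca_len / entry)
        return LOCA_TRUNCATED;              /* table shorter than maxp claims */
    for (size_t i = 0; i < count; i++) {
        uint32_t off = long_format ? be32(loca + 4 * i) : 2 * be16(loca + 2 * i);
        if (off > glyf_len)
            return LOCA_OUT_OF_RANGE;       /* the condition the patch tests */
        if (off < prev)
            return LOCA_NOT_ASCENDING;      /* would give a negative glyph length */
        prev = off;
    }
    return LOCA_OK;
}

/* Constructed samples: 2 glyphs, glyf table of 0x40 bytes. */
static const uint8_t sample_ok[]     = { 0,0,0,0x00, 0,0,0,0x20, 0,0,0,0x40 };
static const uint8_t sample_broken[] = { 0,0,0,0x00, 0x7f,0xff,0xff,0xf0, 0,0,0,0x40 };
static const uint8_t sample_short[]  = { 0x00,0x10, 0x00,0x08, 0x00,0x20 }; /* short format */

int main(void)
{
    printf("ok=%d broken=%d short=%d\n",
           loca_validate(sample_ok, sizeof sample_ok, 2, 1, 0x40),
           loca_validate(sample_broken, sizeof sample_broken, 2, 1, 0x40),
           loca_validate(sample_short, sizeof sample_short, 2, 0, 0x40));
    return 0;
}
```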