Bug#291270: kpdf: vulnerable to CAN-2005-0064, buffer overflow in xpdf
Package: kpdf
Version: 4:3.3.1-2
Severity: grave
Tags: security

Since kpdf includes a copy of xpdf, it is vulnerable to CAN-2005-0064,
"Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc
for xpdf 3.00 and earlier allows remote attackers to execute arbitrary
code via a PDF file with a large /Encrypt /Length keyLength value."

See the KDE Security Advisory at:
http://www.kde.org/info/security/advisory-20050119-1.txt

An upload is expected today (not before dinstall, though).

--
Adeodato Simó
EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
Experience is something you don't get until just after you need it.