Bug#291270: kpdf: vulnerable to CAN-2005-0064, buffer overflow in xpdf

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#291270: kpdf: vulnerable to CAN-2005-0064, buffer overflow in xpdf
From: Adeodato Simó <asp16@alu.ua.es>
Date: Wed, 19 Jan 2005 20:34:48 +0100
Message-id: <[🔎] 20050119193448.GA20499@chistera.yi.org>
Reply-to: Adeodato Simó <asp16@alu.ua.es>, 291270@bugs.debian.org

Package: kpdf
Version: 4:3.3.1-2
Severity: grave
Tags: security

  Since kpdf includes a copy of xpdf, it is vulnerable to CAN-2005-0064,
  "Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc
  for xpdf 3.00 and earlier allows remote attackers to execute arbitrary
  code via a PDF file with a large /Encrypt /Length keyLength value."

  See the KDE Security Advisory at:

    http://www.kde.org/info/security/advisory-20050119-1.txt
    
  An upload is expected today (not before dinstall, though).

-- 
Adeodato Simó
    EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
 
Experience is something you don't get until just after you need it.

Reply to:

Follow-Ups:
- Bug#291270: marked as done (kpdf: vulnerable to CAN-2005-0064, buffer overflow in xpdf)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#289468: strace shows strange font XFLD
Next by Date: Processed: merging 291270 291251
Previous by thread: Bug#289468: strace shows strange font XFLD
Next by thread: Bug#291270: marked as done (kpdf: vulnerable to CAN-2005-0064, buffer overflow in xpdf)
Index(es):
- Date
- Thread