Bug#342294: koffice: Exploitable heap overflows in embedded xpdf copy

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#342294: koffice: Exploitable heap overflows in embedded xpdf copy
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Tue, 06 Dec 2005 23:21:22 +0100
Message-id: <[🔎] 20051206222122.7898.44560.reportbug@localhost.localdomain>
Reply-to: Moritz Muehlenhoff <jmm@inutil.org>, 342294@bugs.debian.org

Package: koffice
Severity: grave
Tags: security
Justification: user security hole

Some heap overflows have been found in xpdf, of which koffice ships
a local copy. It is therefore vulnerable to a subset of the xpdf issues:

CVE-2005-3191:
http://www.idefense.com/application/poi/display?id=342
http://www.idefense.com/application/poi/display?id=343

CVE-2005-3192:
http://www.idefense.com/application/poi/display?id=344

pdftohtml is not vulnerable to CVE-2005-3193.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)

Reply to:

Follow-Ups:
- Bug#342294: marked as done (koffice: Exploitable heap overflows in embedded xpdf copy)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Processed: kpdf confirmed vulnerable to all latest xpdf issues
Next by Date: Bug#342321: kgpg: cannot import key from keyserver
Previous by thread: Processed: kpdf confirmed vulnerable to all latest xpdf issues
Next by thread: Bug#342294: marked as done (koffice: Exploitable heap overflows in embedded xpdf copy)
Index(es):
- Date
- Thread