Bug#444015: kdegraphics: CVE-2007-5049 stack based buffer overflow

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#444015: kdegraphics: CVE-2007-5049 stack based buffer overflow
From: Steffen Joeris <steffen.joeris@skolelinux.de>
Date: Tue, 25 Sep 2007 22:56:08 +1000
Message-id: <[🔎] 20070925125608.10781.93569.reportbug@katha.debian.org>
Reply-to: Steffen Joeris <steffen.joeris@skolelinux.de>, 444015@bugs.debian.org

Package: kdegraphics
Version: 4:3.5.7-3
Severity: grave
Tags: security
Justification: user security hole

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xpdf.

CVE-2007-5049[0]:
| Stack-based buffer overflow in the StreamPredictor::getNextLine
| function in xpdf, as used in (1) poppler before 0.5.91, (2) gpdf, (3)
| kpdf, (4) kdegraphics, (5) CUPS, and other products, might allow
| remote attackers to execute arbitrary code via a crafted PDF file, a
| different vulnerability than CVE-2007-3387.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

You can find a patch on:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5049

Cheers
Steffen

Reply to:

Follow-Ups:
- Bug#444015: kdegraphics: CVE-2007-5049 stack based buffer overflow
  - From: Ana Guerrero <ana@debian.org>
- Bug#444015: marked as done (kdegraphics: CVE-2007-5049 stack based buffer overflow)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#444014: koffice: CVE-2007-5049 stack based buffer overflow
Next by Date: Bug#444030: kig fails to read back a file that it just wrote
Previous by thread: Bug#444014: marked as done (koffice: CVE-2007-5049 stack based buffer overflow)
Next by thread: Bug#444015: kdegraphics: CVE-2007-5049 stack based buffer overflow
Index(es):
- Date
- Thread