[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#444015: kdegraphics: CVE-2007-5049 stack based buffer overflow

Hi,

On Tue, Sep 25, 2007 at 10:56:08PM +1000, Steffen Joeris wrote:
> Package: kdegraphics
> Version: 4:3.5.7-3
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for xpdf.
> 
> CVE-2007-5049[0]:
> | Stack-based buffer overflow in the StreamPredictor::getNextLine
> | function in xpdf, as used in (1) poppler before 0.5.91, (2) gpdf, (3)
> | kpdf, (4) kdegraphics, (5) CUPS, and other products, might allow
> | remote attackers to execute arbitrary code via a crafted PDF file, a
> | different vulnerability than CVE-2007-3387.
> 
> If you fix this vulnerability please also include the CVE id
> in your changelog entry.
> 
> You can find a patch on:
> ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch


I'm overlooking something? Because that patch changes the same code than the patch:

ftp://ftp.kde.org/pub/kde/security_patches/post-3.5.7-kdegraphics-CVE-2007-3387.diff

applied to fix CVE-2007-3387


Ana
Reply to: