Bug#322467: [CAN-2005-2097] Loca Table Verification Remote Denial of Service Vulnerability
found 322467 3.0-5
thanks
Hilmar Preusse <hille42@web.de> wrote:
> Package: tetex-bin
> Version: 2.0.2-31
> Severity: grave
> Tags: patch
> Justification: can result in disk consumption and ultimately lead to a denial of service condition.
>
> Just a reminder,
>
> http://www.securityfocus.com/bid/14529/info
>
> Ubuntu^1 already fixed the xpdf packages. I guess we're affected too,
> as pdftex processes pdf files using the code from xpdf. I did not
> file a bug against xpdf yet. I'm attaching a patch taken from
> ftp://ftp.kde.org/pub/kde/security_patches/ and the sig. According to
> Martin Pitt the original patch was posted to vendor-sec but I'm not
> subscribed to it.
tetex-bin_2.0.2 in sarge, etch, sid, as well as tetex-bin_1.0.7... in
oldstable do not have the files the patch changes. Moreover, the
strings "loca table" or "codetogid" do not appear in
tetex-bin-{1.0.7...,2.0.2}/libs/, checked with a case-insensitive grep.
However, "truetype" appears lots of times. Therefore it probably needs
a careful inspection of the code to check whether these are indeed
vulnerable. It would be best if someone with a decent understanding of
C++ would do that, not me.
tetex-bin_3.0 in experimental is vulnerable.
Regards, Frank
--
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer
Reply to: