
Bug#346086: tetex-bin: New integer overflows in xpdf copy [CVE-2005-3624, CVE-2005-3625, CVE-2005-3627]


Hilmar Preusse [2006-01-23 18:30 +0100]:
> On the DSA page Joey states that the problem is solved for oldstable
> too. The .orig.tar.gz contains a patched Stream.cc, which got the
> same modifications as your patch contains, except the last hunk. I'm
> attaching it. Could you evaluate if the hunk is necessary?
> If not I guess we're done here and can close #346086.

> @@ -3100,9 +3107,11 @@ int DCTStream::readMarker() {
>    do {
>      do {
>        c = str->getChar();
> +      if(c == EOF) return EOF;
>      } while (c != 0xff);
>      do {
>        c = str->getChar();
> +      if(c == EOF) return EOF;
>      } while (c == 0xff);
>    } while (c == 0x00);
>    return c;
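Review bot: the `return EOF` in the first inner loop is the one that actually stops the hang: once str->getChar() has hit end of data it keeps returning EOF, and `while (c != 0xff)` can never exit on that value, whereas the second loop's `while (c == 0xff)` already drops out on EOF and falls through to `return c`. Keeping both checks is still the right call so each exit is explicit. Since the loop as shown otherwise only returns a byte that is neither 0x00 nor 0xff, the callers of readMarker() (not in this hunk) should be confirmed to treat a negative return as an error rather than as an unknown marker value. Minor style point: `if(c == EOF)` should read `if (c == EOF)` to match the surrounding `while (c ...)` spacing.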

This is precisely the fix that is required to avoid endless loops with
prematurely ending PDF files (CVE-2005-3625). So it is not exploitable to
execute any code or something, but it's still a nasty DoS,
particularly in Cups. So I would prefer to apply it, especially since
it's such an easy and straightforward change.



Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?
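The following is an added illustration of the DoS described above, not code from xpdf or from the patch. It reproduces the marker-scanning loop of DCTStream::readMarker() twice, once as it was before the hunk and once with the two EOF checks applied, and runs both over a constructed in-memory byte stream that returns EOF forever once exhausted, as a truncated PDF does. The names ByteStream, stream_getChar, readMarkerUnpatched, readMarkerPatched and markerFromBytes are invented for the demo; the iteration guard in the unpatched variant exists only so the demonstration terminates, since the real unpatched loop never does.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed in-memory byte source standing in for xpdf's Stream::getChar():
 * once the data is exhausted it returns EOF on every call, which is exactly
 * what a prematurely ending PDF looks like to the DCT decoder. */
typedef struct {
    const unsigned char *data;
    size_t len;
    size_t pos;
} ByteStream;

static int stream_getChar(ByteStream *s) {
    if (s->pos >= s->len)
        return EOF;
    return s->data[s->pos++];   /* 0..255, never collides with EOF (-1) */
}

/* Sentinel returned by the unpatched variant when the demo's iteration guard
 * trips; real xpdf has no such guard, the loop simply never ends. */
#define LOOP_GUARD_HIT (-2)

/* Marker-scanning loop as it was before the hunk (no EOF checks). */
int readMarkerUnpatched(ByteStream *str, unsigned long maxIters) {
    int c;
    unsigned long iters = 0;
    do {
        do {
            if (++iters > maxIters) return LOOP_GUARD_HIT;
            c = stream_getChar(str);
        } while (c != 0xff);          /* spins forever at EOF: -1 != 0xff */
        do {
            if (++iters > maxIters) return LOOP_GUARD_HIT;
            c = stream_getChar(str);
        } while (c == 0xff);
    } while (c == 0x00);
    return c;
}

/* Same loop with the two checks from the hunk applied. */
int readMarkerPatched(ByteStream *str) {
    int c;
    do {
        do {
            c = stream_getChar(str);
            if (c == EOF) return EOF;
        } while (c != 0xff);
        do {
            c = stream_getChar(str);
            if (c == EOF) return EOF;
        } while (c == 0xff);
    } while (c == 0x00);
    return c;
}

/* Runs either variant over a byte array; patched != 0 selects the fixed loop. */
int markerFromBytes(const unsigned char *bytes, size_t len, int patched) {
    ByteStream s = { bytes, len, 0 };
    return patched ? readMarkerPatched(&s) : readMarkerUnpatched(&s, 100000UL);
}

/* Constructed sample inputs (JPEG marker bytes: 0xd8 = SOI, 0xc4 = DHT). */
const unsigned char SAMPLE_SOI[]        = { 0x12, 0xff, 0xff, 0xd8 }; /* junk, fill 0xff, SOI */
const unsigned char SAMPLE_STUFFED[]    = { 0xff, 0x00, 0xff, 0xc4 }; /* stuffed 0x00, then DHT */
const unsigned char SAMPLE_TRUNC_FF[]   = { 0xff, 0x00 };             /* data ends after stuffed 0x00 */
const unsigned char SAMPLE_TRUNC_NOFF[] = { 0x01, 0x02 };             /* data ends before any 0xff */

int main(void) {
    printf("well-formed : unpatched=0x%02x patched=0x%02x\n",
           markerFromBytes(SAMPLE_SOI, sizeof SAMPLE_SOI, 0),
           markerFromBytes(SAMPLE_SOI, sizeof SAMPLE_SOI, 1));
    printf("truncated   : unpatched=%d (guard hit) patched=%d (EOF)\n",
           markerFromBytes(SAMPLE_TRUNC_FF, sizeof SAMPLE_TRUNC_FF, 0),
           markerFromBytes(SAMPLE_TRUNC_FF, sizeof SAMPLE_TRUNC_FF, 1));
    return 0;
}
```

On well-formed input both variants agree on the marker byte; on either truncated sample the unpatched loop only stops because of the demo guard, while the patched loop returns EOF on the first read past the end, which is the behaviour the hunk restores.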
