RHEL 4 : xpdf (RHSA-2005:034)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

An updated xpdf package that fixes several security issues is now
available.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files.

A buffer overflow flaw was found in the Gfx::doImage function of Xpdf.
An attacker could construct a carefully crafted PDF file that could
cause Xpdf to crash or possibly execute arbitrary code when opened.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-1125 to this issue.

A buffer overflow flaw was found in the Decrypt::makeFileKey2 function
of Xpdf. An attacker could construct a carefully crafted PDF file that
could cause Xpdf to crash or possibly execute arbitrary code when
opened. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-0064 to this issue.

During a source code audit, Chris Evans and others discovered a number
of integer overflow bugs that affected all versions of Xpdf. An
attacker could construct a carefully crafted PDF file that could cause
Xpdf to crash or possibly execute arbitrary code when opened. This
issue was assigned the name CVE-2004-0888 by The Common
Vulnerabilities and Exposures project (cve.mitre.org). Red Hat
Enterprise Linux 4 contained a fix for this issue, but it was found to
be incomplete and left 64-bit architectures vulnerable. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-0206 to this issue.

All users of Xpdf should upgrade to this updated package, which
contains backported patches to resolve these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2004-1125.html
https://www.redhat.com/security/data/cve/CVE-2005-0064.html
https://www.redhat.com/security/data/cve/CVE-2005-0206.html
http://rhn.redhat.com/errata/RHSA-2005-034.html

Solution :

Update the affected xpdf package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 17168 ()

Bugtraq ID:

CVE ID: CVE-2004-1125
CVE-2005-0064
CVE-2005-0206