RHEL 2.1 / 3 : xpdf (RHSA-2005:213)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

An updated xpdf package that correctly fixes several integer overflows
is now available.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

The xpdf package is an X Window System-based viewer for Portable
Document Format (PDF) files.

During a source code audit, Chris Evans and others discovered a number
of integer overflow bugs that affected all versions of Xpdf. An
attacker could construct a carefully crafted PDF file that could cause
Xpdf to crash or possibly execute arbitrary code when opened. This
issue was assigned the name CVE-2004-0888 by The Common
Vulnerabilities and Exposures project (cve.mitre.org). RHSA-2004:592
contained a fix for this issue, but it was found to be incomplete and
left 64-bit architectures vulnerable. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2005-0206
to this issue.

All users of xpdf should upgrade to this updated package, which
contains backported patches to resolve these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2005-0206.html
http://rhn.redhat.com/errata/RHSA-2005-213.html

Solution :

Update the affected xpdf package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 17266

CVE ID: CVE-2005-0206