FreeBSD : Xpdf -- Multiple Vulnerabilities (8581189c-bd5f-11de-8709-0017a4cccfc6)

Severity: High. Nessus Plugin ID: 42196

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

SecurityFocus reports:

Some vulnerabilities have been reported in Xpdf, which can be exploited by malicious people to potentially compromise a user's system.

1) Multiple integer overflows in 'SplashBitmap::SplashBitmap()' can be exploited to cause heap-based buffer overflows.

2) An integer overflow error in 'ObjectStream::ObjectStream()' can be exploited to cause a heap-based buffer overflow.

3) Multiple integer overflows in 'Splash::drawImage()' can be exploited to cause heap-based buffer overflows.

4) An integer overflow error in 'PSOutputDev::doImageL1Sep()' can be exploited to cause a heap-based buffer overflow when converting a PDF document to a PS file.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code by tricking a user into opening a specially crafted PDF file.

Solution

Update the affected package.

See Also

https://www.securityfocus.com/archive/1/507261

http://www.nessus.org/u?8dc77fba

Plugin Details

Severity: High

ID: 42196

File Name: freebsd_pkg_8581189cbd5f11de87090017a4cccfc6.nasl

Version: 1.11

Type: local

Published: 10/22/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:xpdf, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 10/20/2009

Vulnerability Publication Date: 10/14/2009

Reference Information

Secunia: 37053