Mandrake Linux Security Advisory : gpdf (MDKSA-2005:016)

High Nessus Plugin ID 16253


The remote Mandrake Linux host is missing a security update.


A buffer overflow vulnerability was discovered in the xpdf PDF code, which could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. Gpdf uses xpdf code and is susceptible to the same vulnerability.

The updated packages have been patched to prevent these problems.


Update the affected gpdf package.

Plugin Details

Severity: High

ID: 16253

File Name: mandrake_MDKSA-2005-016.nasl

Version: $Revision: 1.17 $

Type: local

Published: 2005/01/26

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:gpdf, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:10.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2005/01/25

Reference Information

CVE: CVE-2005-0064

MDKSA: 2005:016