Mandrake Linux Security Advisory : tetex (MDKSA-2007:164)

Medium Nessus Plugin ID 25896

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause tetex to crash and possibly execute arbitrary code open a user opening the file.

In addition, tetex contains an embedded copy of the GD library which suffers from a number of bugs which potentially lead to denial of service and possibly other issues.

Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified remote attack vectors and impact. (CVE-2007-3472)

The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. (CVE-2007-3473)

Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact.
(CVE-2007-3474)

The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. (CVE-2007-3475)

Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.
(CVE-2007-3476)

The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. (CVE-2007-3477)

Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.
(CVE-2007-3478)

Updated packages have been patched to prevent these issues.

Solution

Update the affected packages.

Plugin Details

Severity: Medium

ID: 25896

File Name: mandrake_MDKSA-2007-164.nasl

Version: 1.20

Type: local

Published: 2007/08/15

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:jadetex, p-cpe:/a:mandriva:linux:tetex, p-cpe:/a:mandriva:linux:tetex-afm, p-cpe:/a:mandriva:linux:tetex-context, p-cpe:/a:mandriva:linux:tetex-devel, p-cpe:/a:mandriva:linux:tetex-doc, p-cpe:/a:mandriva:linux:tetex-dvilj, p-cpe:/a:mandriva:linux:tetex-dvipdfm, p-cpe:/a:mandriva:linux:tetex-dvips, p-cpe:/a:mandriva:linux:tetex-latex, p-cpe:/a:mandriva:linux:tetex-mfwin, p-cpe:/a:mandriva:linux:tetex-texi2html, p-cpe:/a:mandriva:linux:tetex-usrlocal, p-cpe:/a:mandriva:linux:tetex-xdvi, p-cpe:/a:mandriva:linux:xmltex, cpe:/o:mandriva:linux:2007, cpe:/o:mandriva:linux:2007.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2007/08/14

Exploitable With

Core Impact

Reference Information

CVE: CVE-2007-3387, CVE-2007-3472, CVE-2007-3473, CVE-2007-3474, CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2007-3478

MDKSA: 2007:164

CWE: 189, 362, 399