GLSA-200711-22 : Poppler, KDE: User-assisted execution of arbitrary code

high Nessus Plugin ID 28261

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200711-22 (Poppler, KDE: User-assisted execution of arbitrary code).

Alin Rad Pop (Secunia Research) discovered several vulnerabilities in the 'Stream.cc' file of Xpdf: An integer overflow in the DCTStream::reset() method and a boundary error in the CCITTFaxStream::lookChar() method, both leading to heap-based buffer overflows (CVE-2007-5392, CVE-2007-5393). He also discovered a boundary checking error in the DCTStream::readProgressiveDataUnit() method causing memory corruption (CVE-2007-4352). Note: Gentoo's version of Xpdf is patched to use the Poppler library, so the update to Poppler will also fix Xpdf.

Impact :

By enticing a user to view or process a specially crafted PDF file with KWord or KPDF or a Poppler-based program such as Gentoo's viewers Xpdf, ePDFView, and Evince or the CUPS printing system, a remote attacker could cause an overflow, potentially resulting in the execution of arbitrary code with the privileges of the user running the application.

Workaround :

There is no known workaround at this time.

Solution

All Poppler users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=app-text/poppler-0.6.1-r1'

All KPDF users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=kde-base/kpdf-3.5.7-r3'

All KDE Graphics Libraries users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=kde-base/kdegraphics-3.5.7-r3'

All KWord users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=app-office/kword-1.6.3-r2'

All KOffice users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=app-office/koffice-1.6.3-r2'

See Also

https://security.gentoo.org/glsa/200711-22

Plugin Details

Severity: High

ID: 28261

File Name: gentoo_GLSA-200711-22.nasl

Version: 1.17

Type: local

Published: 11/20/2007

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:kdegraphics, p-cpe:/a:gentoo:linux:koffice, p-cpe:/a:gentoo:linux:kpdf, p-cpe:/a:gentoo:linux:kword, p-cpe:/a:gentoo:linux:poppler, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/18/2007

Reference Information

CVE: CVE-2007-4352, CVE-2007-5392, CVE-2007-5393

BID: 26367

CWE: 119

GLSA: 200711-22