Debian DSA-1537-1 : xpdf - several vulnerabilities
High Nessus Plugin ID 31807
SynopsisThe remote Debian host is missing a security-related update.
DescriptionAlin Rad Pop (Secunia) discovered a number of vulnerabilities in xpdf, a set of tools for display and conversion of Portable Document Format (PDF) files. The Common Vulnerabilities and Exposures project identifies the following three problems :
- CVE-2007-4352 Inadequate DCT stream validation allows an attacker to corrupt memory and potentially execute arbitrary code by supplying a maliciously crafted PDF file.
- CVE-2007-5392 An integer overflow vulnerability in DCT stream handling could allow an attacker to overflow a heap buffer, enabling the execution of arbitrary code.
- CVE-2007-5393 A buffer overflow vulnerability in xpdf's CCITT image compression handlers allows overflow on the heap, allowing an attacker to execute arbitrary code by supplying a maliciously crafted CCITTFaxDecode filter.
SolutionUpgrade the xpdf packages.
For the stable distribution (etch), these problems have been fixed in version 3.01-9.1+etch2.