Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.

Derek Noonburg has fixed several potential vulnerabilities in xpdf, which are also present in libextractor, a library to extract arbitrary meta-data from files.

SuSE researchers discovered heap overflow errors in xpdf, the Portable Document Format (PDF) suite, which is also present in gpdf, the GNOME version of the Portable Document Format viewer, and which can allow attackers to cause a denial of service by crashing the application or possibly execute arbitrary code.

SuSE researchers discovered heap overflow errors in xpdf, the Portable Document Format (PDF) suite, which is also present in pdfkit.framework, the GNUstep framework for rendering PDF content, and which can allow attackers to cause a denial of service by crashing the application or possibly execute arbitrary code.

SuSE researchers discovered heap overflow errors in xpdf, the Portable Document Format (PDF) suite, that can allow attackers to cause a denial of service by crashing the application or possibly execute arbitrary code.

Updated kdegraphics packages that resolve a security issue in kpdf are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

The kdegraphics packages contain applications for the K Desktop Environment including kpdf, a pdf file viewer.

A heap based buffer overflow bug was discovered in kpdf. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0301 to this issue.

Users of kpdf should upgrade to these updated packages, which contain a backported patch to resolve this issue.

An updated xpdf package that fixes a buffer overflow security issue is now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

The xpdf package is an X Window System-based viewer for Portable Document Format (PDF) files.

A heap based buffer overflow bug was discovered in Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0301 to this issue.

Users of Xpdf should upgrade to this updated package, which contains a backported patch to resolve these issues.

Red Hat would like to thank Dirk Mueller for reporting this issue and providing a patch.

The KDE team reports :

kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a heap based buffer overflow in the splash rasterizer engine that can crash kpdf or even execute arbitrary code.

The splash image handler in xpdf did not check the validity of coordinates. By tricking a user into opening a specially crafted PDF file, an attacker could exploit this to trigger a buffer overflow which could lead to arbitrary code execution with the privileges of the user.

The poppler library and kpdf also contain xpdf code, and thus are affected by the same vulnerability.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-200602-12 (GPdf: heap overflows in included Xpdf code)

    Dirk Mueller found a heap overflow vulnerability in the XPdf     codebase when handling splash images that exceed size of the associated     bitmap.
  Impact :

    An attacker could entice a user to open a specially crafted PDF     file with GPdf, potentially resulting in the execution of arbitrary     code with the rights of the user running the affected application.
  Workaround :

    There is no known workaround at this time.

New xpdf packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix security issues.

New kdegraphics packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix security issues with kpdf.

The remote host is affected by the vulnerability described in GLSA-200602-05 (KPdf: Heap based overflow)

    KPdf includes Xpdf code to handle PDF files. Dirk Mueller     discovered that the Xpdf code is vulnerable a heap based overflow in     the splash rasterizer engine.
  Impact :

    An attacker could entice a user to open a specially crafted PDF     file with Kpdf, potentially resulting in the execution of arbitrary     code with the rights of the user running the affected application.
  Workaround :

    There is no known workaround at this time.

The remote host is affected by the vulnerability described in GLSA-200602-04 (Xpdf, Poppler: Heap overflow)

    Dirk Mueller has reported a vulnerability in Xpdf. It is caused by     a missing boundary check in the splash rasterizer engine when handling     PDF splash images with overly large dimensions.
  Impact :

    By sending a specially crafted PDF file to a victim, an attacker     could cause an overflow, potentially resulting in the execution of     arbitrary code with the privileges of the user running the application.
  Workaround :

    There is no known workaround at this time.

Heap-based buffer overflow in Splash.cc in poppler, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.

The updated packages have been patched to correct this issue.

Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.

Kdegraphics-kpdf uses a copy of the xpdf code and as such has the same issues.

The updated packages have been patched to correct this issue.

Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.

Poppler uses a copy of the xpdf code and as such has the same issues.

The updated packages have been patched to correct this issue.

ID	Name	Product	Family	Severity
22864	Debian DSA-998-1 : libextractor - several vulnerabilities	Nessus	Debian Local Security Checks	high
22840	Debian DSA-974-1 : gpdf - buffer overflows	Nessus	Debian Local Security Checks	high
22838	Debian DSA-972-1 : pdfkit.framework - buffer overflows	Nessus	Debian Local Security Checks	high
22837	Debian DSA-971-1 : xpdf - buffer overflow	Nessus	Debian Local Security Checks	high
21986	CentOS 4 : kdegraphics (CESA-2006:0206)	Nessus	CentOS Local Security Checks	high
21984	CentOS 4 : xpdf (CESA-2006:0201)	Nessus	CentOS Local Security Checks	high
21419	FreeBSD : kpdf -- heap based buffer overflow (432bf98d-9e25-11da-b410-000e0c2e438a)	Nessus	FreeBSD Local Security Checks	high
21058	Ubuntu 4.10 / 5.04 / 5.10 : xpdf, poppler, kdegraphics vulnerabilities (USN-249-1)	Nessus	Ubuntu Local Security Checks	high
20962	GLSA-200602-12 : GPdf: heap overflows in included Xpdf code	Nessus	Gentoo Local Security Checks	high
20920	Slackware 10.0 / 10.1 / 10.2 / 9.0 / 9.1 / current : xpdf (SSA:2006-045-09)	Nessus	Slackware Local Security Checks	critical
20915	Slackware 10.0 / 10.1 / 10.2 / current : kdegraphics (SSA:2006-045-04)	Nessus	Slackware Local Security Checks	critical
20900	RHEL 4 : kdegraphics (RHSA-2006:0206)	Nessus	Red Hat Local Security Checks	high
20898	RHEL 4 : xpdf (RHSA-2006:0201)	Nessus	Red Hat Local Security Checks	high
20895	GLSA-200602-05 : KPdf: Heap based overflow	Nessus	Gentoo Local Security Checks	high
20894	GLSA-200602-04 : Xpdf, Poppler: Heap overflow	Nessus	Gentoo Local Security Checks	high
20881	Fedora Core 4 : poppler-0.4.5-1.1 (2006-103)	Nessus	Fedora Local Security Checks	high
20853	Mandrake Linux Security Advisory : xpdf (MDKSA-2006:032)	Nessus	Mandriva Local Security Checks	high
20852	Mandrake Linux Security Advisory : kdegraphics (MDKSA-2006:031)	Nessus	Mandriva Local Security Checks	high
20851	Mandrake Linux Security Advisory : poppler (MDKSA-2006:030)	Nessus	Mandriva Local Security Checks	high

Detections

Analytics

CVE-2006-0301

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

critical

critical

high

high

high

high

high

high

high

high