Detections
Analytics
Mandrake Linux Security Advisory : kdegraphics (MDKSA-2006:012)
critical Nessus Plugin ID 20478
Synopsis
The remote Mandrake Linux host is missing one or more security updates.Description
Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191)Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01 allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.
(CVE-2005-3192)
Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier allows user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.
(CVE-2005-3193)
An additional patch re-addresses memory allocation routines in goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE).
In addition, Chris Evans discovered several other vulnerabilities in the xpdf code base :
Out-of-bounds heap accesses with large or negative parameters to 'FlateDecode' stream. (CVE-2005-3192)
Out-of-bounds heap accesses with large or negative parameters to 'CCITTFaxDecode' stream. (CVE-2005-3624)
Infinite CPU spins in various places when stream ends unexpectedly.
(CVE-2005-3625)
NULL pointer crash in the 'FlateDecode' stream. (CVE-2005-3626)
Overflows of compInfo array in 'DCTDecode' stream. (CVE-2005-3627)
Possible to use index past end of array in 'DCTDecode' stream.
(CVE-2005-3627)
Possible out-of-bounds indexing trouble in 'DCTDecode' stream.
(CVE-2005-3627)
Kdegraphics uses an embedded copy of the xpdf code, with the same vulnerabilities.
The updated packages have been patched to correct these problems.
Solution
Update the affected packages.Plugin Details
Severity: Critical
ID: 20478
File Name: mandrake_MDKSA-2006-012.nasl
Version: 1.17
Type: local
Family: Mandriva Local Security Checks
Published: 1/15/2006
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:kdegraphics, p-cpe:/a:mandriva:linux:kdegraphics-common, p-cpe:/a:mandriva:linux:kdegraphics-kdvi, p-cpe:/a:mandriva:linux:kdegraphics-kfax, p-cpe:/a:mandriva:linux:kdegraphics-kghostview, p-cpe:/a:mandriva:linux:kdegraphics-kiconedit, p-cpe:/a:mandriva:linux:kdegraphics-kolourpaint, p-cpe:/a:mandriva:linux:kdegraphics-kooka, p-cpe:/a:mandriva:linux:kdegraphics-kpaint, p-cpe:/a:mandriva:linux:kdegraphics-kpdf, p-cpe:/a:mandriva:linux:kdegraphics-kpovmodeler, p-cpe:/a:mandriva:linux:kdegraphics-kruler, p-cpe:/a:mandriva:linux:kdegraphics-ksnapshot, p-cpe:/a:mandriva:linux:kdegraphics-ksvg, p-cpe:/a:mandriva:linux:kdegraphics-kuickshow, p-cpe:/a:mandriva:linux:kdegraphics-kview, p-cpe:/a:mandriva:linux:kdegraphics-mrmlsearch, p-cpe:/a:mandriva:linux:lib64kdegraphics0-common, p-cpe:/a:mandriva:linux:lib64kdegraphics0-common-devel, p-cpe:/a:mandriva:linux:lib64kdegraphics0-kghostview, p-cpe:/a:mandriva:linux:lib64kdegraphics0-kghostview-devel, p-cpe:/a:mandriva:linux:lib64kdegraphics0-kooka, p-cpe:/a:mandriva:linux:lib64kdegraphics0-kooka-devel, p-cpe:/a:mandriva:linux:lib64kdegraphics0-kpovmodeler, p-cpe:/a:mandriva:linux:lib64kdegraphics0-kpovmodeler-devel, p-cpe:/a:mandriva:linux:lib64kdegraphics0-ksvg, p-cpe:/a:mandriva:linux:lib64kdegraphics0-ksvg-devel, p-cpe:/a:mandriva:linux:lib64kdegraphics0-kuickshow, p-cpe:/a:mandriva:linux:lib64kdegraphics0-kview, p-cpe:/a:mandriva:linux:lib64kdegraphics0-kview-devel, p-cpe:/a:mandriva:linux:lib64kdegraphics0-mrmlsearch, p-cpe:/a:mandriva:linux:libkdegraphics0-common, p-cpe:/a:mandriva:linux:libkdegraphics0-common-devel, p-cpe:/a:mandriva:linux:libkdegraphics0-kghostview, p-cpe:/a:mandriva:linux:libkdegraphics0-kghostview-devel, p-cpe:/a:mandriva:linux:libkdegraphics0-kooka, p-cpe:/a:mandriva:linux:libkdegraphics0-kooka-devel, p-cpe:/a:mandriva:linux:libkdegraphics0-kpovmodeler, p-cpe:/a:mandriva:linux:libkdegraphics0-kpovmodeler-devel, p-cpe:/a:mandriva:linux:libkdegraphics0-ksvg, p-cpe:/a:mandriva:linux:libkdegraphics0-ksvg-devel, p-cpe:/a:mandriva:linux:libkdegraphics0-kuickshow, p-cpe:/a:mandriva:linux:libkdegraphics0-kview, p-cpe:/a:mandriva:linux:libkdegraphics0-kview-devel, p-cpe:/a:mandriva:linux:libkdegraphics0-mrmlsearch, cpe:/o:mandriva:linux:2006
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 1/12/2006
Reference Information
CVE: CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628
BID: 15721, 15725, 15726, 15727, 16143
MDKSA: 2006:012