FreeBSD : xpdf -- disk fill DoS vulnerability (24eee285-09c7-11da-bc08-0001020eed82)

Nessus Plugin ID 21400 (Severity: Low)

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

xpdf is affected by a denial-of-service vulnerability: when opening a specially crafted PDF file, xpdf can create an infinitely large file, thereby filling up the /tmp partition.

Note that several applications contain an embedded version of xpdf, which makes them vulnerable to the same DoS. In CUPS, this vulnerability would cause the pdftops filter to crash.

Solution

Update the affected packages.

See Also

https://access.redhat.com/errata/RHSA-2005:670

https://www.kde.org/info/security/advisory-20050809-1.txt

http://www.nessus.org/u?5b5ac7f4

Plugin Details

Severity: Low

ID: 21400

File Name: freebsd_pkg_24eee28509c711dabc080001020eed82.nasl

Version: 1.17

Type: local

Published: 5/13/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:xpdf, p-cpe:/a:freebsd:freebsd:cups-base, p-cpe:/a:freebsd:freebsd:gpdf, cpe:/o:freebsd:freebsd, p-cpe:/a:freebsd:freebsd:kdegraphics

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 8/12/2005

Vulnerability Publication Date: 8/9/2005

Reference Information

CVE: CVE-2005-2097

BID: 14529