Updated tetex packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

TeTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input and creates a typesetter-independent .dvi (DeVice Independent) file as output.

Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause TeTeX to crash or potentially execute arbitrary code when opened. (CVE-2007-3387)

All users of TeTeX should upgrade to these updated packages, which contain a backported patch to resolve this issue.

New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0, and 12.0 to fix an integer overflow.

It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.

libextractor includes a copy of the xpdf code and required an update as well.

It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.

tetex-bin includes a copy of the xpdf code and required an update as well.

It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.

pdfkit.framework includes a copy of the xpdf code and required an update as well.

Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause kpdf to crash and possibly execute arbitrary code open a user opening the file.

This update provides packages which are patched to prevent these issues.

It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.

koffice includes a copy of the xpdf code and required an update as well.

The oldstable distribution (sarge) will be fixed later.

A buffer overflow in the xpdf code contained in poppler could be exploited by attackers to potentially execute arbitrary code (CVE-2007-3387).

Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause gpdf to crash or potentially execute arbitrary code when opened.
(CVE-2007-3387)

Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash or potentially execute arbitrary code when opened.
(CVE-2007-3387)

Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause an application linked with poppler to crash or potentially execute arbitrary code when opened. (CVE-2007-3387)

From Red Hat Security Advisory 2007:0729 :

Updated kdegraphics packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 4, and 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

The kdegraphics packages contain applications for the K Desktop Environment including kpdf, a PDF file viewer.

Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash or potentially execute arbitrary code when opened.
(CVE-2007-3387)

All users of kdegraphics should upgrade to these updated packages, which contain a backported patch to resolve this issue.

New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current. New poppler packages are available for Slackware 12.0 and -current. New koffice packages are available for Slackware 11.0, 12.0, and -current. New kdegraphics packages are available for Slackware 10.2, 11.0, 12.0, and -current. These updated packages address similar bugs which could be used to crash applications linked with poppler or that use code from xpdf through the use of a malformed PDF document. It is possible that a maliciously crafted document could cause code to be executed in the context of the user running the application processing the PDF. These advisories and CVE entries cover the bugs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393 http://www.kde.org/info/security/advisory-20071107-1.txt

ID	Name	Product	Family	Published	Updated	Severity
25832	CentOS 3 / 4 / 5 : tetex (CESA-2007:0731)	Nessus	CentOS Local Security Checks	8/2/2007	1/4/2021	medium
25848	Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 9.1 : xpdf (SSA:2007-222-05)	Nessus	Slackware Local Security Checks	8/13/2007	1/14/2021	medium
25857	Debian DSA-1349-1 : libextractor - integer overflow	Nessus	Debian Local Security Checks	8/13/2007	1/4/2021	medium
25858	Debian DSA-1350-1 : tetex-bin - integer overflow	Nessus	Debian Local Security Checks	8/13/2007	1/4/2021	medium
25860	Debian DSA-1352-1 : pdfkit.framework - integer overflow	Nessus	Debian Local Security Checks	8/13/2007	1/4/2021	medium
25894	Mandrake Linux Security Advisory : kdegraphics (MDKSA-2007:162)	Nessus	Mandriva Local Security Checks	8/15/2007	1/6/2021	medium
25937	Debian DSA-1357-1 : koffice - integer overflow	Nessus	Debian Local Security Checks	8/28/2007	1/4/2021	medium
27399	openSUSE 10 Security Update : poppler (poppler-3991)	Nessus	SuSE Local Security Checks	10/17/2007	1/14/2021	medium
60233	Scientific Linux Security Update : gpdf on SL4.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	8/1/2012	1/14/2021	medium
60234	Scientific Linux Security Update : kdegraphics on SL5.x, SL4.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	8/1/2012	1/14/2021	medium
60235	Scientific Linux Security Update : poppler on SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	8/1/2012	1/14/2021	medium
67549	Oracle Linux 4 : kdegraphics (ELSA-2007-0729)	Nessus	Oracle Linux Local Security Checks	7/12/2013	1/14/2021	medium
28149	Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 9.1 / current : xpdf/poppler/koffice/kdegraphics (SSA:2007-316-01)	Nessus	Slackware Local Security Checks	11/12/2007	1/14/2021	high

Detections

Analytics

Plugins Search

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

high