KDE Security Advisory: KOffice PDF Import Filter Vulnerability

From: Waldo Bastian (bastian_at_kde.org)
Date: 01/20/05

  • Next message: seasonedpaper_at_djc.people.inodetech.com: "ASH Hashing Algorithm"
    To: bugtraq@securityfocus.com
    Date: Thu, 20 Jan 2005 23:05:43 +0100
    
    
    

    KDE Security Advisory: KOffice PDF Import Filter Vulnerability
    Original Release Date: 2005-01-20
    URL: http://www.kde.org/info/security/advisory-20050120-1.txt

    0. References

       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
       http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities

    1. Systems affected:

            KOffice 1.3 up to including KOffice 1.3.5

    2. Overview:

            The KOffice PDF Import Filter shares code with xpdf. xpdf contains
            a buffer overflow that can be triggered by a specially crafted
            PDF file.

    3. Impact:

            Remotely supplied pdf files can be used to execute arbitrary
            code on the client machine when the user opens such file in
            KOffice.

    4. Solution:

            Source code patches have been made available which fix these
            vulnerabilities. Contact your OS vendor / binary package provider
            for information about how to obtain updated binary packages.

    5. Patch:

            Patch for KOffice 1.3.5 is available from
            ftp://ftp.kde.org/pub/kde/security_patches :

            0e6194cbfe3f6d3b3c848c2c76ef5bfb post-1.3.5-koffice.diff

    6. Time line and credits:

            19/01/2005 KDE Security Team alerted by Carsten Lohrke
            19/01/2005 Patches from xpdf 3.00pl3 applied to KDE CVS and patches
                       prepared.
            20/01/2005 Public disclosure.

    -- 
    bastian@kde.org   |   Free Novell Linux Desktop 9 Evaluation Download
    bastian@suse.com  |   http://www.novell.com/products/desktop/eval.html
    
    



  • Next message: seasonedpaper_at_djc.people.inodetech.com: "ASH Hashing Algorithm"

    Relevant Pages

    • Re: [PATCH][RFC][resend] potential NULL pointer deref in XFS on failed mount
      ... The patch still applies cleanly to ... > buftarg, then we will leak a reference to both the rtdev and logdev, ... > To remove the bdev references we may have gained earlier. ...
      (Linux-Kernel)
    • kbuild:
      ... confident that keeping the checks in modpost is good. ... In a follow-up mail I will post the result of a run with this patch. ... Section mismatch is identified as references to .init* ...
      (Linux-Kernel)
    • 2.6.19-rc6: known regressions (v4)
      ... If you find your name in the Cc header, you are either submitter of one ... References: http://lkml.org/lkml/2006/11/20/233 ... commit f72fa707604c015a6625e80f269506032d5430dc ... Patch: http://lkml.org/lkml/2006/11/20/320 ...
      (Linux-Kernel)
    • 2.6.19-rc6: known regressions
      ... This email lists some known regressions in 2.6.19-rc6 compared to 2.6.18 ... If you find your name in the Cc header, you are either submitter of one ... References: http://lkml.org/lkml/2006/11/15/12 ... Patch: http://lkml.org/lkml/2006/11/16/36 ...
      (Linux-Kernel)
    • Re: Random Compiler Errors, again
      ... > Thanks Charles - I'll give it a try. ... Did they produce a patch to fix our ... >>I submitted a support request via their web site. ... >> from dll references to project references. ...
      (microsoft.public.dotnet.general)