Bug 173888

Summary: CVE-2005-3193 xpdf issues (CVE-2005-3191 CVE-2005-3192 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628)
Product: Red Hat Enterprise Linux 4 Reporter: Mark J. Cox <mjc>
Component: xpdfAssignee: Than Ngo <than>
Status: CLOSED ERRATA QA Contact: Mike McLean <mikem>
Severity: high Docs Contact:
Priority: medium    
Version: 4.0CC: security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=important,reported=20051103,public=20051201
Fixed In Version: RHSA-2005-840 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-12-20 17:11:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Proposed patch from Derek
none
Patch from Ubuntu
none
Patch from Dirk Mueller to add additional missing checks none

Description Mark J. Cox 2005-11-22 08:42:15 UTC 
Derek Noonburg sent us a patch for xpdf to correct a number of security issues.
 This is due to be public 20051201.

An attacker could construct a carefully crafted PDF file that could cause Xpdf
to crash or possibly execute arbitrary code when opened. 

This issue affects RHEL3, RHEL3, RHEL2.1
Comment 1 Mark J. Cox 2005-11-22 08:42:17 UTC 
Created attachment 121332 [details]
Proposed patch from Derek
Comment 3 Josh Bressers 2005-12-06 14:11:57 UTC 
This issue is now public:
http://www.foolabs.com/xpdf/download.html
Comment 4 Red Hat Bugzilla 2005-12-06 14:37:39 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-840.html
Comment 6 Josh Bressers 2005-12-14 15:24:28 UTC 
The original fix for these issues was incomplete, reopening bug.
Comment 7 Josh Bressers 2005-12-14 15:26:49 UTC 
Created attachment 122226 [details]
Patch from Ubuntu
Comment 8 Josh Bressers 2005-12-14 15:28:23 UTC 
Created attachment 122227 [details]
Patch from Dirk Mueller to add additional missing checks
Comment 9 Josh Bressers 2005-12-14 16:12:35 UTC 
There aren't currently any reproducers for these issues.

Please note that these issues affect xpdf, kdegraphics, cups, gpdf, tetex and
poppler.  Some cooperation will probably make things easier.
Comment 10 Than Ngo 2005-12-16 20:49:01 UTC 
it's now fixed in xpdf-3.00-11.10
Comment 11 Than Ngo 2005-12-16 20:50:06 UTC 
xpdf-2.02-9.8 and xpdf-0.92-17
Comment 14 Red Hat Bugzilla 2005-12-20 17:11:56 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-840.html
Comment 15 Josh Bressers 2006-01-06 17:59:33 UTC 
Adding the folling CVE ids to this errata:

CVE-2005-3624
CVE-2005-3625
CVE-2005-3626
CVE-2005-3627
CVE-2005-3628

These were all fixed in the errata RHSA-2005:840