
Bug 345101 (CVE-2007-4352)

Summary: CVE-2007-4352 xpdf memory corruption in DCTStream::readProgressiveDataUnit()
Product: [Other] Security Response
Reporter: Tomas Hoger <thoger>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE
Severity: high
Priority: high
Version: unspecified
CC: jnovy, kreilly, krh, security-response-team, than, twaugh
Keywords: Security
Hardware: All
OS: Linux
Whiteboard: source=vendorsec,reported=20071022,public=20071107,impact=important
Fixed In Version: 0.5.4-8.fc7
Doc Type: Bug Fix
Last Closed: 2008-02-13 00:19:57 EST
Bug Depends On: 356551, 356561, 356571, 356581, 356601, 356611, 356641, 356651, 356671, 356681, 356691, 356701, 356711, 356721, 356791, 356811, 356821, 372461, 372471, 372481, 372491, 372501, 372511, 372521, 372551, 372561, 372571, 372581, 372591, 372601, 372611, 372651, 372661, 372671    
Attachments:
xpdf-3.02pl2 first draft from Derek B. Noonburg addressing CVE-2007-{4352,5392,5393} (flags: none)

Description Tomas Hoger 2007-10-22 08:37:39 EDT
Alin Rad Pop of Secunia Research discovered a vulnerability in the
xpdf/Stream.cc code:

An array indexing error exists within the "DCTStream::readProgressiveDataUnit()"
method in xpdf/Stream.cc. This can be exploited to corrupt memory via a
specially crafted PDF file.
Comment 6 Tomas Hoger 2007-10-26 02:56:09 EDT
Created attachment 238491
xpdf-3.02pl2 first draft from Derek B. Noonburg addressing CVE-2007-{4352,5392,5393}

Comments from Derek:

The fixes for the first two bugs (in DCTStream) are pretty
straightforward.

The CCITTFaxStream inner loop code has been rewritten (because I was
unhappy with the design, and it was resulting in too many problems).
Comment 26 Josh Bressers 2007-11-07 11:27:39 EST
This is now public:
http://marc.info/?l=full-disclosure&m=119445179723160&w=2
Comment 27 Fedora Update System 2007-11-08 01:03:33 EST
cups-1.3.4-2.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 28 Tomas Hoger 2007-11-08 03:38:17 EST
KDE security advisory with official patches for kdegraphics and koffice:

http://www.kde.org/info/security/advisory-20071107-1.txt
Comment 29 Tomas Hoger 2007-11-09 05:33:38 EST
Official xpdf patch is available on xpdf upstream page:

http://www.foolabs.com/xpdf/download.html
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl2.patch
Comment 30 Fedora Update System 2007-11-09 18:51:51 EST
cups-1.2.12-7.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 31 Fedora Update System 2008-02-08 03:17:24 EST
poppler-0.5.4-8.fc7 has been submitted as an update for Fedora 7
Comment 32 Fedora Update System 2008-02-13 00:19:45 EST
poppler-0.5.4-8.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 33 Fedora Update System 2008-02-13 10:00:40 EST
poppler-0.5.4-8.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 34 Fedora Update System 2008-02-13 10:09:43 EST
poppler-0.5.4-8.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.