Bug 345111 (CVE-2007-5392)

Summary: CVE-2007-5392 xpdf buffer overflow in DCTStream::reset()
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: jnovy, kreilly, krh, security-response-team, than, twaugh
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-02-15 15:03:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 356551, 356561, 356571, 356581, 356601, 356611, 356641, 356651, 356671, 356681, 356691, 356701, 356711, 356721, 356791, 356811, 356821, 372461, 372471, 372481, 372491, 372501, 372511, 372521, 372551, 372561, 372571, 372581, 372591, 372601, 372611, 372651, 372661, 372671    
Bug Blocks:    

Description Tomas Hoger 2007-10-22 12:44:36 UTC 
Alin Rad Pop of the Secunia Research has discovered a vulnerability in
xpdf/Stream.cc code:

An integer overflow error exists within the "DCTStream::reset()"
method in xpdf/Stream.cc. This can be exploited to cause a heap-based
buffer overflow via a specially crafted PDF file.

Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
Comment 20 Josh Bressers 2007-11-07 16:27:17 UTC 
This is now public:
http://marc.info/?l=full-disclosure&m=119445179723160&w=2
Comment 21 Fedora Update System 2008-02-08 08:17:27 UTC 
poppler-0.5.4-8.fc7 has been submitted as an update for Fedora 7
Comment 22 Fedora Update System 2008-02-13 05:19:48 UTC 
poppler-0.5.4-8.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 23 Fedora Update System 2008-02-13 15:00:43 UTC 
poppler-0.5.4-8.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 24 Fedora Update System 2008-02-13 15:09:45 UTC 
poppler-0.5.4-8.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 25 Red Hat Product Security 2008-02-15 15:03:31 UTC 
This issue was addressed in:

Red Hat Enterprise Linux:
  cups:
    http://rhn.redhat.com/errata/RHSA-2007-1021.html
    http://rhn.redhat.com/errata/RHSA-2007-1022.html
  gpdf:
    http://rhn.redhat.com/errata/RHSA-2007-1025.html
  poppler:
    http://rhn.redhat.com/errata/RHSA-2007-1026.html
  xpdf:
    http://rhn.redhat.com/errata/RHSA-2007-1029.html
    http://rhn.redhat.com/errata/RHSA-2007-1030.html
  tetex:
    http://rhn.redhat.com/errata/RHSA-2007-1027.html
  kdegraphics:
    http://rhn.redhat.com/errata/RHSA-2007-1024.html

Fedora:
  kdegraphics:
    https://admin.fedoraproject.org/updates/F7/FEDORA-2007-2985
    https://admin.fedoraproject.org/updates/F8/FEDORA-2007-3001
  xpdf:
    https://admin.fedoraproject.org/updates/F7/FEDORA-2007-3031
    https://admin.fedoraproject.org/updates/F8/FEDORA-2007-3014
  koffice:
    https://admin.fedoraproject.org/updates/F7/FEDORA-2007-3059
    https://admin.fedoraproject.org/updates/F8/FEDORA-2007-3093
  cups:
    https://admin.fedoraproject.org/updates/F7/FEDORA-2007-3100
    https://admin.fedoraproject.org/updates/F8/FEDORA-2007-2982
  poppler:
    https://admin.fedoraproject.org/updates/F7/FEDORA-2008-1651
    https://admin.fedoraproject.org/updates/F8/FEDORA-2007-4031
  tetex:
    https://admin.fedoraproject.org/updates/F7/FEDORA-2007-3390
    https://admin.fedoraproject.org/updates/F8/FEDORA-2007-3308