Bug 345121 (CVE-2007-5393)

Summary: CVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar()
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: jnovy, kreilly, krh, security-response-team, than, twaugh
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 0.5.4-8.fc7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-02-13 05:19:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 356541, 356551, 356561, 356571, 356581, 356601, 356611, 356621, 356631, 356641, 356651, 356671, 356681, 356691, 356701, 356711, 356721, 356751, 356761, 356781, 356791, 356811, 356821, 372461, 372471, 372481, 372491, 372501, 372511, 372521, 372551, 372561, 372571, 372581, 372591, 372601, 372611, 372651, 372661, 372671    
Bug Blocks:    

Description Tomas Hoger 2007-10-22 12:51:43 UTC 
Alin Rad Pop of the Secunia Research has discovered a vulnerability in
xpdf/Stream.cc code:

A boundary error exists within the "CCITTFaxStream::lookChar()"
method in xpdf/Stream.cc. This can be exploited to cause a heap-based
buffer overflow by tricking a user into opening a PDF file containing a
specially crafted "CCITTFaxDecode" filter.

Successful exploitation allows execution of arbitrary code.
Comment 22 Josh Bressers 2007-11-07 16:24:43 UTC 
This is now public

http://marc.info/?l=full-disclosure&m=119445179723160&w=2
Comment 23 Fedora Update System 2007-11-15 03:32:25 UTC 
tetex-3.0-44.2.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update tetex'
Comment 24 Fedora Update System 2007-11-15 03:46:18 UTC 
tetex-3.0-40.3.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update tetex'
Comment 25 Fedora Update System 2007-11-20 18:00:46 UTC 
tetex-3.0-40.3.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 26 Fedora Update System 2007-11-20 18:04:56 UTC 
tetex-3.0-44.3.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 27 Fedora Update System 2008-02-08 08:17:29 UTC 
poppler-0.5.4-8.fc7 has been submitted as an update for Fedora 7
Comment 28 Fedora Update System 2008-02-13 05:19:50 UTC 
poppler-0.5.4-8.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 29 Fedora Update System 2008-02-13 15:00:45 UTC 
poppler-0.5.4-8.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 30 Fedora Update System 2008-02-13 15:09:48 UTC 
poppler-0.5.4-8.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 31 Red Hat Product Security 2008-02-15 15:06:55 UTC 
This issue was addressed in:

Red Hat Enterprise Linux:
  cups:
    http://rhn.redhat.com/errata/RHSA-2007-1021.html
    http://rhn.redhat.com/errata/RHSA-2007-1022.html
    http://rhn.redhat.com/errata/RHSA-2007-1023.html
  gpdf:
    http://rhn.redhat.com/errata/RHSA-2007-1025.html
  poppler:
    http://rhn.redhat.com/errata/RHSA-2007-1026.html
  xpdf:
    http://rhn.redhat.com/errata/RHSA-2007-1029.html
    http://rhn.redhat.com/errata/RHSA-2007-1030.html
    http://rhn.redhat.com/errata/RHSA-2007-1031.html
  tetex:
    http://rhn.redhat.com/errata/RHSA-2007-1027.html
    http://rhn.redhat.com/errata/RHSA-2007-1028.html
  kdegraphics:
    http://rhn.redhat.com/errata/RHSA-2007-1024.html
    http://rhn.redhat.com/errata/RHSA-2007-1051.html

Fedora:
  kdegraphics:
    https://admin.fedoraproject.org/updates/F7/FEDORA-2007-2985
    https://admin.fedoraproject.org/updates/F8/FEDORA-2007-3001
  xpdf:
    https://admin.fedoraproject.org/updates/F7/FEDORA-2007-3031
    https://admin.fedoraproject.org/updates/F8/FEDORA-2007-3014
  koffice:
    https://admin.fedoraproject.org/updates/F7/FEDORA-2007-3059
    https://admin.fedoraproject.org/updates/F8/FEDORA-2007-3093
  cups:
    https://admin.fedoraproject.org/updates/F7/FEDORA-2007-3100
    https://admin.fedoraproject.org/updates/F8/FEDORA-2007-2982
  poppler:
    https://admin.fedoraproject.org/updates/F7/FEDORA-2008-1651
    https://admin.fedoraproject.org/updates/F8/FEDORA-2007-4031
  tetex:
    https://admin.fedoraproject.org/updates/F7/FEDORA-2007-3390
    https://admin.fedoraproject.org/updates/F8/FEDORA-2007-3308