Bug 175105 - CVE-2005-3193 xpdf issues (CVE-2005-3191 CVE-2005-3192 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628)
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kdegraphics
Hardware: All Linux
Priority: medium
Severity: high
Assigned To: Ngo Than
Keywords: Reopened, Security
Reported: 2005-12-06 12:46 EST by Josh Bressers
Modified: 2007-11-30 17:07 EST
Fixed In Version: RHSA-2005-868
Doc Type: Bug Fix
Last Closed: 2007-11-07 09:52:20 EST

Attachments
Complete patch from xpdf (10.80 KB, patch), 2006-03-07 15:10 EST, Josh Bressers
Reproducer from Chris Evans (1.34 KB, application/octet-stream), 2006-03-07 15:12 EST, Josh Bressers
back-trace (4.42 KB, application/octet-stream), 2007-11-05 13:10 EST, Jan Hutař

External Trackers
Tracker: Red Hat Product Errata
ID: RHSA-2005:868
Priority: normal
Status: SHIPPED_LIVE
Summary: Important: kdegraphics security update
Last Updated: 2005-12-20 00:00:00 EST

Description Josh Bressers 2005-12-06 12:46:59 EST
+++ This bug was initially created as a clone of Bug #175089 +++

Derek Noonburg sent us a patch for xpdf to correct a number of security issues.
This is due to be public 20051201.

An attacker could construct a carefully crafted PDF file that could cause Xpdf
to crash or possibly execute arbitrary code when opened. 

This issue affects RHEL3, RHEL3, RHEL2.1

-- Additional comment from mjc@redhat.com on 2005-11-22 03:42 EST --
Created an attachment (id=121332)
Proposed patch from Derek
Comment 1 Josh Bressers 2005-12-06 13:36:29 EST

If you can roll up some packages, I'll deal with the errata.
Comment 2 Josh Bressers 2005-12-06 13:56:52 EST
Attachment 121940 contains a more complete patch which was taken from our recent
xpdf update.
Comment 3 Ngo Than 2005-12-07 05:55:21 EST

kpdf is included in kdegraphics versions > 3.3.x; it's also affected in RHEL4 and
FC3/FC4. I have built new kdegraphics in dist-4E-errata-candidate.
It would be great if you could create errata text for this, please. Thanks
Comment 7 Red Hat Bugzilla 2005-12-20 09:48:37 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

Comment 8 Josh Bressers 2006-03-07 14:17:03 EST
It has come to our attention that CVE-2005-3627 was not properly fixed.
Comment 9 Josh Bressers 2006-03-07 15:10:44 EST
Created attachment 125771
Complete patch from xpdf

Here is the complete patch from xpdf upstream. The patch used for kpdf missed
some bits of this.
Comment 10 Josh Bressers 2006-03-07 15:12:17 EST
Created attachment 125772
Reproducer from Chris Evans

Here is Chris' original advisory, it has links to various other bad pdf files.
Comment 11 Josh Bressers 2006-03-07 17:26:21 EST
I've filed bug 184307 to cover the incomplete fix rather than reusing this bug.
Comment 13 Jan Hutař 2007-11-05 13:10:50 EST
Created attachment 248491

/usr/bin/kpdf --nocrashhandler bz175105.pdf

Comment 14 Ngo Than 2007-11-06 06:15:44 EST
It's strange; the bug is only affected in RHEL-4/RHEL-3/RHEL-2 with
kdegraphics <= 3.5.0, which was fixed long ago. This security issue is not
affected in RHEL-5 with kdegraphics-3.5.4!

I cannot reproduce the crash with kdegraphics-3_3_1-6_el4_5 and

It seems your test environment is broken. Could you please check your
test environment again? Thanks
