Red Hat Bugzilla – Bug 175105
CVE-2005-3193 xpdf issues (CVE-2005-3191 CVE-2005-3192 CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627 CVE-2005-3628)
Last modified: 2007-11-30 17:07:22 EST
+++ This bug was initially created as a clone of Bug #175089 +++
Derek Noonburg sent us a patch for xpdf to correct a number of security issues.
This is due to be public 20051201.
An attacker could construct a carefully crafted PDF file that could cause Xpdf
to crash or possibly execute arbitrary code when opened.
This issue affects RHEL3, RHEL3, RHEL2.1
-- Additional comment from firstname.lastname@example.org on 2005-11-22 03:42 EST --
Created an attachment (id=121332)
Proposed patch from Derek
If you can roll up some packages, I'll deal with the errata.
Attachment 121940 contains a more complete patch which was taken from our recent
kpdf is included in kdegraphics version > 3.3.x; it's also affected in RHEL4 and
FC3/FC4. I have built new kdegraphics in dist-4E-errata-candidate.
It would be great if you could create errata text for this please. Thanks
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
It has come to our attention that CVE-2005-3627 was not properly fixed.
Created attachment 125771
Complete patch from xpdf
Here is the complete patch from xpdf upstream. The patch used for kpdf missed
some bits of this.
Created attachment 125772
Reproducer from Chris Evans
Here is Chris' original advisory; it has links to various other bad pdf files.
I've filed bug 184307 to cover the incomplete fix rather than reusing this bug.
Created attachment 248491
/usr/bin/kpdf --nocrashhandler bz175105.pdf
It's strange, the bug only affects RHEL-4/RHEL-3/RHEL-2 with
kdegraphics <= 3.5.0, which was fixed long ago. This security issue does not
affect RHEL-5 with kdegraphics-3.5.4!
I cannot reproduce the crash with kdegraphics-3_3_1-6_el4_5 and
It seems your test environment is broken. Could you please check your
test environment again? Thanks