Bug 345101 (CVE-2007-4352) - CVE-2007-4352 xpdf memory corruption in DCTStream::readProgressiveDataUnit()
Summary: CVE-2007-4352 xpdf memory corruption in DCTStream::readProgressiveDataUnit()
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2007-4352
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 356551 356561 356571 356581 356601 356611 356641 356651 356671 356681 356691 356701 356711 356721 356791 356811 356821 372461 372471 372481 372491 372501 372511 372521 372551 372561 372571 372581 372591 372601 372611 372651 372661 372671
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-10-22 12:37 UTC by Tomas Hoger
Modified: 2019-09-29 12:21 UTC (History)
6 users (show)

Fixed In Version: 0.5.4-8.fc7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-02-13 05:19:57 UTC


Attachments (Terms of Use)
xpdf-3.02pl2 first draft from Derek B. Noonburg addressing CVE-2007-{4352,5392,5393} (20.35 KB, patch)
2007-10-26 06:56 UTC, Tomas Hoger
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2007:1021 normal SHIPPED_LIVE Important: cups security update 2007-11-07 17:45:52 UTC
Red Hat Product Errata RHSA-2007:1022 normal SHIPPED_LIVE Important: cups security update 2007-11-07 17:52:42 UTC
Red Hat Product Errata RHSA-2007:1024 normal SHIPPED_LIVE Important: kdegraphics security update 2007-11-12 09:23:07 UTC
Red Hat Product Errata RHSA-2007:1025 normal SHIPPED_LIVE Important: gpdf security update 2007-11-07 18:05:00 UTC
Red Hat Product Errata RHSA-2007:1026 normal SHIPPED_LIVE Important: poppler security update 2007-11-07 18:10:06 UTC
Red Hat Product Errata RHSA-2007:1027 normal SHIPPED_LIVE Important: tetex security update 2007-11-08 13:47:26 UTC
Red Hat Product Errata RHSA-2007:1029 normal SHIPPED_LIVE Important: xpdf security update 2007-11-07 18:48:15 UTC
Red Hat Product Errata RHSA-2007:1030 normal SHIPPED_LIVE Important: xpdf security update 2007-11-07 19:04:11 UTC

Description Tomas Hoger 2007-10-22 12:37:39 UTC
Alin Rad Pop of the Secunia Research discovered a vulnerability in
xpdf/Stream.cc code:

An array indexing error exists within the "DCTStream::readProgressiveDataUnit()"
method in xpdf/Stream.cc. This can be exploited to corrupt memory via a
specially crafted PDF file.

Comment 6 Tomas Hoger 2007-10-26 06:56:09 UTC
Created attachment 238491 [details]
xpdf-3.02pl2 first draft from Derek B. Noonburg addressing CVE-2007-{4352,5392,5393}

Comments from Derek:

The fixes for the first two bugs (in DCTStream) are pretty
straightforward.

The CCITTFaxStream inner loop code has been rewritten (because I was
unhappy with the design, and it was resulting in too many problems).

Comment 26 Josh Bressers 2007-11-07 16:27:39 UTC
This is now public:
http://marc.info/?l=full-disclosure&m=119445179723160&w=2

Comment 27 Fedora Update System 2007-11-08 06:03:33 UTC
cups-1.3.4-2.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 28 Tomas Hoger 2007-11-08 08:38:17 UTC
KDE security advisory with official patches for kdegraphics and koffice:

http://www.kde.org/info/security/advisory-20071107-1.txt


Comment 29 Tomas Hoger 2007-11-09 10:33:38 UTC
Official xpdf patch is available on xpdf upstream page:

http://www.foolabs.com/xpdf/download.html
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl2.patch


Comment 30 Fedora Update System 2007-11-09 23:51:51 UTC
cups-1.2.12-7.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 31 Fedora Update System 2008-02-08 08:17:24 UTC
poppler-0.5.4-8.fc7 has been submitted as an update for Fedora 7

Comment 32 Fedora Update System 2008-02-13 05:19:45 UTC
poppler-0.5.4-8.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 33 Fedora Update System 2008-02-13 15:00:40 UTC
poppler-0.5.4-8.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 34 Fedora Update System 2008-02-13 15:09:43 UTC
poppler-0.5.4-8.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.