Kees Cook of Ubuntu noticed that a potential vulnerability allowing arbitrary code
execution via corrupted PDF embedded fonts was fixed in xpdf code in xpdf 3.02
and poppler 0.6.2.
The fix is mentioned in the xpdf changelog (http://www.foolabs.com/xpdf/CHANGES):
"Check for a broken/missing embedded font (this was causing xpdf to crash)."
and is available in the poppler source code:
Created attachment 301852: Patch for xpdf from Ludwig Nussel
This is affected:
xpdf EL4 Exploitable via SplashOutputDev::updateFont
poppler EL5 Exploitable via CairoFont::create (evince)
kdegraphics EL4 Exploitable via SplashOutputDev::updateFont (kpdf)
Tools without graphical output (such as pdftops, from cups, teTeX) are not
vulnerable. Newer kpdf seems to use its own output device implementation.
Created attachment 302425: Poppler type-checking patch from Kees Cook
Public now, lifting embargo:
Short status of Fedora packages:
- xpdf - not affected, fixed upstream version 3.02 is shipped
- poppler - not affected in F8+, fixed upstream versions 0.6.2+ are shipped
- kdegraphics/kpdf - not affected (see comment #7)
- koffice - not affected, xpdf code only used for import, not for displaying
The Ubuntu security advisory for koffice / kword (http://www.ubuntu.com/usn/usn-603-2)
adds the patch from comment #12, which adds preventive checks that should prevent
exploitation of similar issues in the future, which may affect the kword import
filter as well.
Okular in KDE 4 uses the system poppler, so kdegraphics in F9 definitely does
not need a patch. For F7 and F8, I'll take Lubomir Kundrak's word that it is
poppler-0.5.4-9.fc7 has been submitted as an update for Fedora 7
poppler-0.5.4-9.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:
Red Hat Enterprise Linux: