Alin Rad Pop of Secunia Research has discovered a vulnerability in xpdf/Stream.cc code: A boundary error exists within the "CCITTFaxStream::lookChar()" method in xpdf/Stream.cc. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening a PDF file containing a specially crafted "CCITTFaxDecode" filter. Successful exploitation allows execution of arbitrary code.
This is now public: http://marc.info/?l=full-disclosure&m=119445179723160&w=2
tetex-3.0-44.2.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update tetex'
tetex-3.0-40.3.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update tetex'
tetex-3.0-40.3.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
tetex-3.0-44.3.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
poppler-0.5.4-8.fc7 has been submitted as an update for Fedora 7
poppler-0.5.4-8.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:

Red Hat Enterprise Linux:

  cups:
    http://rhn.redhat.com/errata/RHSA-2007-1021.html
    http://rhn.redhat.com/errata/RHSA-2007-1022.html
    http://rhn.redhat.com/errata/RHSA-2007-1023.html
  gpdf:
    http://rhn.redhat.com/errata/RHSA-2007-1025.html
  poppler:
    http://rhn.redhat.com/errata/RHSA-2007-1026.html
  xpdf:
    http://rhn.redhat.com/errata/RHSA-2007-1029.html
    http://rhn.redhat.com/errata/RHSA-2007-1030.html
    http://rhn.redhat.com/errata/RHSA-2007-1031.html
  tetex:
    http://rhn.redhat.com/errata/RHSA-2007-1027.html
    http://rhn.redhat.com/errata/RHSA-2007-1028.html
  kdegraphics:
    http://rhn.redhat.com/errata/RHSA-2007-1024.html
    http://rhn.redhat.com/errata/RHSA-2007-1051.html

Fedora:

  kdegraphics:
    https://admin.fedoraproject.org/updates/F7/FEDORA-2007-2985
    https://admin.fedoraproject.org/updates/F8/FEDORA-2007-3001
  xpdf:
    https://admin.fedoraproject.org/updates/F7/FEDORA-2007-3031
    https://admin.fedoraproject.org/updates/F8/FEDORA-2007-3014
  koffice:
    https://admin.fedoraproject.org/updates/F7/FEDORA-2007-3059
    https://admin.fedoraproject.org/updates/F8/FEDORA-2007-3093
  cups:
    https://admin.fedoraproject.org/updates/F7/FEDORA-2007-3100
    https://admin.fedoraproject.org/updates/F8/FEDORA-2007-2982
  poppler:
    https://admin.fedoraproject.org/updates/F7/FEDORA-2008-1651
    https://admin.fedoraproject.org/updates/F8/FEDORA-2007-4031
  tetex:
    https://admin.fedoraproject.org/updates/F7/FEDORA-2007-3390
    https://admin.fedoraproject.org/updates/F8/FEDORA-2007-3308