Kees Cook of Ubuntu noticed that a potential vulnerability allowing arbitrary code execution via corrupted embedded fonts in a PDF was fixed in the xpdf code in xpdf 3.02 and poppler 0.6.2. The fix is mentioned in the xpdf changelog - http://www.foolabs.com/xpdf/CHANGES: "Check for a broken/missing embedded font (this was causing xpdf to crash)." and is available in the poppler source code: http://gitweb.freedesktop.org/?p=poppler/poppler.git;a=commitdiff;h=1a531dcfee1c6fc79a414c38cbe7327fbf9a59d8
Created attachment 301852: Patch for xpdf from Ludwig Nussel
This is affected:
- xpdf EL4: exploitable via SplashOutputDev::updateFont
- poppler EL5: exploitable via CairoFont::create (evince)
- kdegraphics EL4: exploitable via SplashOutputDev::updateFont (kpdf)
Tools without graphical output (such as pdftops, from cups, teTeX) are not vulnerable. Newer kpdf seems to use its own output device implementation.
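The fix described in the first comment amounts to a guard in the font-loading path: before an embedded font program is handed to a format-specific parser, confirm that it is actually present and that its real format matches what the parser expects. The following is an added illustration of that idea, not code from xpdf or poppler; the enum names, the function names (sniffFontType, chooseFontSource) and the magic-byte rules it uses to recognise Type 1, TrueType, CFF and OpenType data are assumptions made for the example, and the sample byte strings are constructed.

```cpp
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Subtype the PDF font dictionary claims for the embedded program (assumed names).
enum class DeclaredType { Type1, TrueType, CFF, OpenType };

// Format actually found by inspecting the leading bytes of the font stream.
enum class SniffedType { Type1, TrueType, CFF, OpenType, Missing, Unrecognized };

// What the rasterizer's font-update path should do with the stream.
enum class FontDecision { UseEmbedded, UseSubstitute };

// Identify the real format from magic bytes instead of trusting the dictionary:
//   "%!"              Type 1 PostScript font program (PFA-style header)
//   0x00010000/"true" TrueType sfnt header
//   "OTTO"            OpenType with CFF outlines
//   01 00 04 NN       bare CFF header (major 1, minor 0, hdrSize 4, offSize 1..4)
SniffedType sniffFontType(const std::vector<uint8_t>& data) {
    if (data.empty()) return SniffedType::Missing;          // stream absent or zero length
    if (data.size() < 4) return SniffedType::Unrecognized;  // too short for any header
    if (data[0] == '%' && data[1] == '!') return SniffedType::Type1;
    if (std::memcmp(data.data(), "OTTO", 4) == 0) return SniffedType::OpenType;
    if (std::memcmp(data.data(), "true", 4) == 0) return SniffedType::TrueType;
    if (data[0] == 0x00 && data[1] == 0x01 && data[2] == 0x00 && data[3] == 0x00)
        return SniffedType::TrueType;
    if (data[0] == 0x01 && data[1] == 0x00 && data[2] == 0x04 && data[3] >= 1 && data[3] <= 4)
        return SniffedType::CFF;
    return SniffedType::Unrecognized;
}

// The declared subtype is only acceptable when the bytes agree with it.
bool declaredMatchesSniffed(DeclaredType declared, SniffedType sniffed) {
    switch (declared) {
        case DeclaredType::Type1:    return sniffed == SniffedType::Type1;
        case DeclaredType::TrueType: return sniffed == SniffedType::TrueType;
        case DeclaredType::CFF:      return sniffed == SniffedType::CFF;
        case DeclaredType::OpenType: return sniffed == SniffedType::OpenType;
    }
    return false;
}

// Guard to run before constructing a font object from embedded data: a missing,
// unrecognised or mis-declared program never reaches the format-specific parser;
// the viewer falls back to a substitute font instead.
FontDecision chooseFontSource(DeclaredType declared, const std::vector<uint8_t>& data) {
    SniffedType sniffed = sniffFontType(data);
    if (sniffed == SniffedType::Missing || sniffed == SniffedType::Unrecognized)
        return FontDecision::UseSubstitute;
    if (!declaredMatchesSniffed(declared, sniffed))
        return FontDecision::UseSubstitute;
    return FontDecision::UseEmbedded;
}

// Helper for building constructed sample streams from a string literal.
std::vector<uint8_t> bytesOf(const std::string& s) {
    return std::vector<uint8_t>(s.begin(), s.end());
}

// Constructed sample font streams (not taken from any real PDF).
const std::vector<uint8_t> kType1Sample    = bytesOf("%!PS-AdobeFont-1.0: Sample");
const std::vector<uint8_t> kTrueTypeSample = {0x00, 0x01, 0x00, 0x00, 0x00, 0x0A};
const std::vector<uint8_t> kCffSample      = {0x01, 0x00, 0x04, 0x01};
const std::vector<uint8_t> kMissingSample  = {};
const std::vector<uint8_t> kGarbageSample  = {0xDE, 0xAD, 0xBE, 0xEF};
```

The decisive property is that dispatch to a parser never depends on the declared /Subtype alone: a dictionary that says Type1 but carries TrueType bytes, or an empty FontFile stream, is rejected up front rather than discovered by the parser after it has already started interpreting the data. A viewer could also choose to dispatch on the sniffed format instead of substituting; what it must not do is trust the declaration.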
Created attachment 302425: Poppler type-checking patch from Kees Cook
Public now, lifting embargo: http://www.ubuntu.com/usn/usn-603-1
Short status of Fedora packages:
- xpdf - not affected, fixed upstream version 3.02 is shipped
- poppler - not affected in F8+, fixed upstream versions 0.6.2+ are shipped
- kdegraphics/kpdf - not affected (see comment #7)
- koffice - not affected, xpdf code only used for import, not for displaying
The Ubuntu security advisory for koffice / kword, http://www.ubuntu.com/usn/usn-603-2, adds the patch from comment #12, which adds preventive checks that should prevent exploitation of similar issues in the future, which may affect the kword import filter as well.
Okular in KDE 4 uses the system poppler, so kdegraphics in F9 definitely does not need a patch. For F7 and F8, I'll take Lubomir Kundrak's word that it is not affected.
poppler-0.5.4-9.fc7 has been submitted as an update for Fedora 7
poppler-0.5.4-9.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:
Red Hat Enterprise Linux:
- xpdf: http://rhn.redhat.com/errata/RHSA-2008-0240.html
- poppler: http://rhn.redhat.com/errata/RHSA-2008-0239.html
- kdegraphics: http://rhn.redhat.com/errata/RHSA-2008-0238.html
- gpdf: http://rhn.redhat.com/errata/RHSA-2008-0262.html
Fedora:
- https://admin.fedoraproject.org/updates/F7/FEDORA-2008-3312