|
|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200508-08] Xpdf, Kpdf, GPdf: Denial of Service vulnerability Vulnerability Scan
Vulnerability Scan Summary
Xpdf, Kpdf, GPdf: Denial of Service vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200508-08
(Xpdf, Kpdf, GPdf: Denial of Service vulnerability)
Xpdf, Kpdf and GPdf do not handle a broken table of embedded
TrueType fonts correctly. After detecting such a table, Xpdf, Kpdf and
GPdf attempt to reconstruct the information in it by decoding the PDF
file, which causes the generation of a huge temporary file.
Impact
A remote attacker may cause a Denial of Service by creating a
specially crafted PDF file, sending it to a CUPS printing system (which
uses Xpdf), or by enticing a user to open it in Xpdf, Kpdf, or GPdf.
Workaround
There is no known workaround at this time.
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2097
Solution:
All Xpdf users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/xpdf-3.00-r10"
All GPdf users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/gpdf-2.10.0-r1"
All Kpdf users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.3.2-r3"
All KDE Split Ebuild Kpdf users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kpdf-3.4.1-r1"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|
