Xpdf "Splash.cc" Splash Image Handling Heap Overflow Vulnerability

Vulnerability ID: 1196223    Vulnerability type: Buffer overflow
Published: 2006-01-30    Updated: 2007-02-07
CVE ID: CVE-2006-0301    CNNVD-ID: CNNVD-200601-364
Platform: N/A    CVSS score: 7.5
|Vulnerability source
https://cxsecurity.com/issue/WLB-2006020074
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200601-364
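|Vulnerability details
Xpdf is an open-source viewer for Portable Document Format (PDF) files. Xpdf contains a vulnerability in its handling of malformed splash images that an attacker may be able to exploit to execute arbitrary commands on the user's machine. When Xpdf processes a malformed splash image, a heap overflow exists in the related "splash/Splash.cc" code, which may produce values that exceed the "width" or "height" of the associated bitmap. A remote attacker can trick a user into opening a malicious document, resulting in arbitrary code execution.
|Vulnerability EXP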
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200602-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
     Title: GPdf: Heap overflows in included Xpdf code
      Date: February 21, 2006
      Bugs: #121511
        ID: 200602-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

GPdf includes vulnerable Xpdf code to handle PDF files, making it
vulnerable to the execution of arbitrary code.

Background
==========

GPdf is a Gnome PDF viewer.

Affected packages
=================

    -------------------------------------------------------------------
     Package        /   Vulnerable   /                      Unaffected
    -------------------------------------------------------------------
  1  app-text/gpdf      < 2.10.0-r4                       >= 2.10.0-r4

Description
===========

Dirk Mueller found a heap overflow vulnerability in the XPdf codebase
when handling splash images that exceed the size of the associated bitmap.

Impact
======

An attacker could entice a user to open a specially crafted PDF file
with GPdf, potentially resulting in the execution of arbitrary code
with the rights of the user running the affected application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GPdf users should upgrade to the latest version.

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/gpdf-2.10.0-r4"

References
==========

[ 1 ] CVE-2006-0301
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200602-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security (at) gentoo (dot) org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

|References

Source: XF
Name: xpdf-splash-bo(24391)
Link: http://xforce.iss.net/xforce/xfdb/24391
Source: UBUNTU
Name: USN-249-1
Link: http://www.ubuntu.com/usn/usn-249-1
Source: FEDORA
Name: FLSA:175404
Link: http://www.securityfocus.com/archive/1/archive/1/427990/100/0/threaded
Source: BUGTRAQ
Name: 20060202 [KDE Security Advisory] kpdf/xpdf heap based buffer overflow
Link: http://www.securityfocus.com/archive/1/423899/100/0/threaded
Source: REDHAT
Name: RHSA-2006:0201
Link: http://www.redhat.com/support/errata/RHSA-2006-0201.html
Source: FEDORA
Name: FEDORA-2006-103
Link: http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00039.html
Source: MISC
Link: http://www.kde.org/info/security/advisory-20060202-1.txt
Source: GENTOO
Name: GLSA-200602-12
Link: http://www.gentoo.org/security/en/glsa/glsa-200602-12.xml
Source: GENTOO
Name: GLSA-200602-05
Link: http://www.gentoo.org/security/en/glsa/glsa-200602-05.xml
Source: GENTOO
Name: GLSA-200602-04
Link: http://www.gentoo.org/security/en/glsa/glsa-200602-04.xml
Source: VUPEN
Name: ADV-2006-0422
Link: http://www.frsirt.com/english/advisories/2006/0422
Source: VUPEN