Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200410-30] GPdf, KPDF, KOffice: Vulnerabilities in included xpdf

Vulnerability Assessment Details

[GLSA-200410-30] GPdf, KPDF, KOffice: Vulnerabilities in included xpdf
Vulnerability Assessment Summary
GPdf, KPDF, KOffice: Vulnerabilities in included xpdf

Detailed Explanation for this Vulnerability Assessment
The remote host is affected by the vulnerability described in GLSA-200410-30
(GPdf, KPDF, KOffice: Vulnerabilities in included xpdf)


GPdf, KPDF and KOffice all include xpdf code to handle PDF files. xpdf is
vulnerable to multiple integer overflows, as described in GLSA 200410-20.

Impact

A possible hacker could entice a user to open a specially-crafted PDF file,
potentially resulting in execution of arbitrary code with the rights of the
user running the affected utility.

Workaround

There is no known workaround at this time.

References:
http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0889


Solution:
All GPdf users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/gpdf-0.132-r2"
All KDE users should upgrade to the latest version of kdegraphics:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.3.0-r2"
All KOffice users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/koffice-1.3.3-r2"


Network Security Threat Level: Medium


Networks Security ID:

Vulnerability Assessment Copyright: (C) 2005 Michel Arboi
Cables, Connectors


Apple Macintosh PowerBook 180 Vintage Laptop | Retro Computer picture

Apple Macintosh PowerBook 180 Vintage Laptop | Retro Computer

$149.95


Apple Macintosh Performa 466 Vintage Computer | SKU 146754 picture

Apple Macintosh Performa 466 Vintage Computer | SKU 146754

$149.95


Vintage Apple M2980 AppleDesign Keyboard - Tested and working - Good condition picture

Vintage Apple M2980 AppleDesign Keyboard - Tested and working - Good condition

$19.75


Vintage A3S2 Apple III Computer With 12 Volt Motherboard 820-0043-00 picture

Vintage A3S2 Apple III Computer With 12 Volt Motherboard 820-0043-00

$450.00


Apple 800K External Drive M0131 for vintage Macintosh Japan picture

Apple 800K External Drive M0131 for vintage Macintosh Japan

$20.00


VINTAGE APPLE MACINTOSH POWERBOOK G3 UNTESTED NO POWER CORD picture

VINTAGE APPLE MACINTOSH POWERBOOK G3 UNTESTED NO POWER CORD

$64.99


Apple Macintosh Plus 1Mb Vintage Desktop Computer No Return Needs Work picture

Apple Macintosh Plus 1Mb Vintage Desktop Computer No Return Needs Work

$149.99


Vintage Apple III Brochure for BPI Accounting Series, very nice condition picture

Vintage Apple III Brochure for BPI Accounting Series, very nice condition

$50.00


Vintage Apple A2M6016 12

Vintage Apple A2M6016 12" Monochrome Monitor

$25.00


Vintage Apple MacBook Pro 17

Vintage Apple MacBook Pro 17" A1229 MA897LL/A C2D 2.4GHz 4 GB RAM 160 GB HDD

$149.95


Discussions

No Discussions have been posted on this vulnerability.