xpdf -- makeFileKey2() buffer overflow vulnerability

Description:

An iDEFENSE Security Advisory reports:

Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer included in multiple Unix and Linux distributions could allow for arbitrary code execution as the user viewing a PDF file.

The vulnerability specifically exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. The offending code can be found in the Decrypt::makeFileKey2 function in the source file xpdf/Decrypt.cc.

References:

CVE name CVE-2005-0064
List post: <http://marc.theaimsgroup.com/?l=bugtraq&m=110608898221554>(search)
URL: <http://www.koffice.org/security/advisory-20050120-1.txt>

Affects:

xpdf <3.00_6
kdegraphics <3.3.2_2
gpdf <2.8.3
teTeX-base <2.0.2_9
cups-base <1.1.23.0_3
koffice <1.3.5_2,1
pdftohtml <0.36_2

portaudit: xpdf -- makeFileKey2() buffer overflow vulnerability

Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.

If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Officer. Refer to "FreeBSD Security Information" for more information.

Oliver Eikemeier <eik@FreeBSD.org>