ID

VAR-200707-0577

CVE

CVE-2007-3387

TITLE

gpdf Integer overflow vulnerability

DESCRIPTION

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. Background ========== KOffice is an integrated office suite for KDE. KWord is the KOffice word processor. KPDF is a KDE-based PDF viewer included in the kdegraphics package. http://creativecommons.org/licenses/by-sa/2.5 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHC/wXuhJ+ozIKI5gRAhh+AJ0dKyYwWcqlfdkzH9BPsiOB37T+vQCfbBlI 7Gg6tQlmD0S9r3+mIxCBGPQ= =oXjB -----END PGP SIGNATURE----- . TITLE: GNOME gpdf Xpdf Multiple Integer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA18375 VERIFY ADVISORY: http://secunia.com/advisories/18375/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: >From remote SOFTWARE: GNOME 2.x http://secunia.com/product/3277/ DESCRIPTION: Some vulnerabilities have been reported in GNOME gpdf, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system. The vulnerabilities are caused due to the use of a vulnerable version of Xpdf. For more information: SA18303 SOLUTION: Restrict use to trusted PDF files only. OTHER REFERENCES: SA18303: http://secunia.com/advisories/18303/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . The oldstable distribution (sarge) doesn't include poppler. For the stable distribution (etch) this problem has been fixed in version 0.4.5-5.1etch1. For the unstable distribution (sid) this problem will be fixed soon. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Source archives: http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5-5.1etch1.dsc Size/MD5 checksum: 749 b1346c2cb4aee0ae1ca33ba060094007 http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5-5.1etch1.diff.gz Size/MD5 checksum: 482690 2f989d0448c2692300bd751bf522f5bd http://security.debian.org/pool/updates/main/p/poppler/poppler_0.4.5.orig.tar.gz Size/MD5 checksum: 783752 2bb1c75aa3f9c42f0ba48b5492e6d32c Alpha architecture: http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch1_alpha.deb Size/MD5 checksum: 773812 d76d764076316ae07e8087303cc30992 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch1_alpha.deb Size/MD5 checksum: 55132 cb35ceb01b25cdfc3f79442b3448d02b http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch1_alpha.deb Size/MD5 checksum: 33820 a4a9c2b76f3701a78a9b14e970bb5ba1 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch1_alpha.deb Size/MD5 checksum: 504252 a9026c228974e16e5d89a25042ad7318 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch1_alpha.deb Size/MD5 checksum: 42904 c9bdb4e29ddad178743b31e90713c000 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch1_alpha.deb Size/MD5 checksum: 30346 6955b6218af2165b20e231d25e804514 http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch1_alpha.deb Size/MD5 checksum: 86226 ec4c7750b60b527c1ffadcdccc2fc511 AMD64 architecture: http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch1_amd64.deb Size/MD5 checksum: 611808 4cf7b4f5c7913c534e137cde3a02f48d http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch1_amd64.deb Size/MD5 checksum: 45814 24824bf98843df51422173dd1420ffcd http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch1_amd64.deb Size/MD5 checksum: 30766 9d5a8cac9a7c6988ed72134992cdad1b http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch1_amd64.deb Size/MD5 checksum: 456460 1efb9a77c4f2ac098e24d93adb45c9bf http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch1_amd64.deb Size/MD5 checksum: 41300 4b809ddb231c59b108002aac26b2478f http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch1_amd64.deb Size/MD5 checksum: 29528 5d0c79cd1b94df97d21ecce34e8fdfc3 http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch1_amd64.deb Size/MD5 checksum: 83972 e0e8cd89085e72d350fd43e56021ced9 ARM architecture: http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch1_arm.deb Size/MD5 checksum: 592632 63898117c4adef3f675f1b918d9aea82 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch1_arm.deb Size/MD5 checksum: 44500 d5a82185b30a5e855a236a08395bcb21 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch1_arm.deb Size/MD5 checksum: 30532 451a4ffa778a82ccd9dbe54f2f239c92 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch1_arm.deb Size/MD5 checksum: 437908 0a6689b9a291458d022f9369650b7e17 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch1_arm.deb Size/MD5 checksum: 39610 f2a40182a431d998a73a7c0dc40998a8 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch1_arm.deb Size/MD5 checksum: 29242 58097f3bd8ce4c571f162b50ddfcec06 http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch1_arm.deb Size/MD5 checksum: 82498 7d3d731f89241c00b3107a1f2ad74ce8 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch1_i386.deb Size/MD5 checksum: 573554 725e3b628ecfb382bfd9d75049d24f84 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch1_i386.deb Size/MD5 checksum: 44092 93d59749719868c9e8e855ba5be957c1 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch1_i386.deb Size/MD5 checksum: 30104 d867bd597db2deb7a818780addad7c46 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch1_i386.deb Size/MD5 checksum: 443208 3c98ad946f941c338ce310c4dd58974f http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch1_i386.deb Size/MD5 checksum: 40564 1d30a6edbb90f4ce1c477ed5be4e66f0 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch1_i386.deb Size/MD5 checksum: 29336 ba2d26951c5f57b25319c00370f5d4d1 http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch1_i386.deb Size/MD5 checksum: 80734 4c162ed3aa37045dd23a9aaf97d62f7d Intel IA-64 architecture: http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch1_ia64.deb Size/MD5 checksum: 808452 36eddb1c87e228a10e040e4aa810dd9f http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch1_ia64.deb Size/MD5 checksum: 54684 ee6598a0976411bc0642a18fbac9ec9f http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch1_ia64.deb Size/MD5 checksum: 33624 232ee172a92e67387fd0d2f0a85a44cc http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch1_ia64.deb Size/MD5 checksum: 613016 24b0da95fed8f02496f3bde2f16ff34d http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch1_ia64.deb Size/MD5 checksum: 47654 eb848894eda39ab7489a88cb31437ea1 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch1_ia64.deb Size/MD5 checksum: 32046 62595c13e89cff5556267b8d154f6549 http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch1_ia64.deb Size/MD5 checksum: 105128 ba70646ab595919bb3624431170e9384 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch1_mips.deb Size/MD5 checksum: 672040 1461dead73436314eb88935df1ae9b13 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch1_mips.deb Size/MD5 checksum: 49638 7ee217f6d2f57a2e788092f1dfc7f0a3 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch1_mips.deb Size/MD5 checksum: 32002 90d28e7f4057ded75ca7cb7737cdce8e http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch1_mips.deb Size/MD5 checksum: 456562 fb22da4c7ea123176dcdb4021ed2dce4 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch1_mips.deb Size/MD5 checksum: 41234 c296d08bdf88d83c995f5051127b19ba http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch1_mips.deb Size/MD5 checksum: 29720 c31f5aa7cc55fc91efc83213e06791c9 http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch1_mips.deb Size/MD5 checksum: 86744 663cd6aa6d9ee644aa3274338f6e34e6 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch1_mipsel.deb Size/MD5 checksum: 664562 a76a9ae04b3d9079316460dfd37541cf http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch1_mipsel.deb Size/MD5 checksum: 49610 9c4bf1245c7b16b6b216bbcf621204b4 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch1_mipsel.deb Size/MD5 checksum: 32034 fc77f927262ce430bcd065748b73ad66 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch1_mipsel.deb Size/MD5 checksum: 444222 1d2caa1d87e4d0b43418949153943187 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch1_mipsel.deb Size/MD5 checksum: 41046 070d0467544cb0581f0b3c133bad9d06 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch1_mipsel.deb Size/MD5 checksum: 29680 e37a2a5a6c24e9417cd67db9897fd486 http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch1_mipsel.deb Size/MD5 checksum: 86486 aef8e31c38421662f3a875eb10d686e5 PowerPC architecture: http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch1_powerpc.deb Size/MD5 checksum: 651526 05cf43f123f3e547456cd8ab4469c609 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch1_powerpc.deb Size/MD5 checksum: 47968 bfa6208065b64793934a43132c1421e3 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch1_powerpc.deb Size/MD5 checksum: 31240 4d570e4ed7ee00fcc509b211cc06cfa1 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch1_powerpc.deb Size/MD5 checksum: 472044 5468d5759aab624d75a5ae5ec8f80ea3 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch1_powerpc.deb Size/MD5 checksum: 42980 588a81cdeaf6331b5bdd03b72039aea8 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch1_powerpc.deb Size/MD5 checksum: 31274 1e1dbc0e4eda9c8f69ff370110d1c294 http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch1_powerpc.deb Size/MD5 checksum: 89146 475c8547c2286342097e71ca8be5e8f9 IBM S/390 architecture: http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch1_s390.deb Size/MD5 checksum: 621210 ed5404bd2125854397cbd66d833122ca http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch1_s390.deb Size/MD5 checksum: 46662 f136bcbde244026bd7a5cb382909cf00 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch1_s390.deb Size/MD5 checksum: 30396 48b3fdfa120eb49bb55fbb4dd61386cb http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch1_s390.deb Size/MD5 checksum: 453426 267940fd3f7e641db873334b5bacc1fe http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch1_s390.deb Size/MD5 checksum: 41518 c32030d7252d0e5b0a40988723e36239 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch1_s390.deb Size/MD5 checksum: 29298 dd5bd8caf52912a5b5e4ebc3f1b1833f http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch1_s390.deb Size/MD5 checksum: 80530 897b5056de7468e496e225668055d58a Sun Sparc architecture: http://security.debian.org/pool/updates/main/p/poppler/libpoppler-dev_0.4.5-5.1etch1_sparc.deb Size/MD5 checksum: 582952 c2d24c1f0036704fe390e629d679c56a http://security.debian.org/pool/updates/main/p/poppler/libpoppler-glib-dev_0.4.5-5.1etch1_sparc.deb Size/MD5 checksum: 44374 27e3b0f740919f3519f8cd1146b18f96 http://security.debian.org/pool/updates/main/p/poppler/libpoppler-qt-dev_0.4.5-5.1etch1_sparc.deb Size/MD5 checksum: 30458 faccd537766990407a2720fe72ad437e http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2_0.4.5-5.1etch1_sparc.deb Size/MD5 checksum: 443556 38ec6210f11c0c2e55c5b8d47dd5c17e http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-glib_0.4.5-5.1etch1_sparc.deb Size/MD5 checksum: 40288 3af24912658ddecae77870cba99d7ca6 http://security.debian.org/pool/updates/main/p/poppler/libpoppler0c2-qt_0.4.5-5.1etch1_sparc.deb Size/MD5 checksum: 29122 00d80797d532b53164c3a6b62f78fc43 http://security.debian.org/pool/updates/main/p/poppler/poppler-utils_0.4.5-5.1etch1_sparc.deb Size/MD5 checksum: 78120 5106a5323bfcf84b61ed6d0cc8203a27 These files will probably be moved into the stable distribution on its next update. ** REJECTED ** Do not use this application number. ConsultIDs: CVE-2007-3387. Reason: This application number is a duplicate of CVE-2007-3387. =========================================================== Ubuntu Security Notice USN-496-2 August 07, 2007 poppler vulnerability CVE-2007-3387 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libpoppler1 0.5.1-0ubuntu7.2 Ubuntu 6.10: libpoppler1 0.5.4-0ubuntu4.2 Ubuntu 7.04: libpoppler1 0.5.4-0ubuntu8.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: USN-496-1 fixed a vulnerability in koffice. This update provides the corresponding updates for poppler, the library used for PDF handling in Gnome. Background ========== teTeX is a complete TeX distribution for editing documents. Other vulnerabilities have also been discovered in the same file but might not be exploitable (CVE-2007-0650). Tetex also includes vulnerable code from GD library (GLSA 200708-05), and from Xpdf (CVE-2007-3387). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200710-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: PDFKit, ImageKits: Buffer overflow Date: October 18, 2007 Bugs: #188185 ID: 200710-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== PDFKit and ImageKits are vulnerable to an integer overflow and a stack overflow allowing for the user-assisted execution of arbitrary code. Background ========== PDFKit is a framework for rendering of PDF content in GNUstep applications. ImageKits is a collection of frameworks to support imaging in GNUstep applications. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 gnustep-libs/pdfkit <= 0.9_pre062906 Vulnerable! 2 gnustep-libs/imagekits <= 0.6 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 2 affected packages on all of their supported architectures. ImageKits also contains a copy of PDFKit. Workaround ========== There is no known workaround at this time. Resolution ========== PDFKit and ImageKits are not maintained upstream, so the packages were masked in Portage. We recommend that users unmerge PDFKit and ImageKits: # emerge --unmerge gnustep-libs/pdfkit # emerge --unmerge gnustep-libs/imagekits As an alternative, users should upgrade their systems to use PopplerKit instead of PDFKit and Vindaloo instead of ViewPDF. References ========== [ 1 ] CVE-2007-3387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 [ 2 ] GLSA 200709-12 http://www.gentoo.org/security/en/glsa/glsa-200709-12.xml Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200710-20.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:164 http://www.mandriva.com/security/ _______________________________________________________________________ Package : tetex Date : August 14, 2007 Affected: 2007.0, 2007.1, Corporate 4.0 _______________________________________________________________________ Problem Description: Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. In addition, tetex contains an embedded copy of the GD library which suffers from a number of bugs which potentially lead to denial of service and possibly other issues. (CVE-2007-3472) The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. (CVE-2007-3473) Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact. (CVE-2007-3474) The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. (CVE-2007-3475) Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. (CVE-2007-3476) The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. (CVE-2007-3477) Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support. (CVE-2007-3478) Updated packages have been patched to prevent these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3472 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3473 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3474 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3475 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3476 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3477 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3478 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: fb959e3f6f872b50954fa8da4fe3c419 2007.0/i586/jadetex-3.12-116.4mdv2007.0.i586.rpm 02e7b28c729ec9f57d5268daedee85e7 2007.0/i586/tetex-3.0-18.4mdv2007.0.i586.rpm 8b89557fbac6f6b37f78f2a2aee16569 2007.0/i586/tetex-afm-3.0-18.4mdv2007.0.i586.rpm f5169a380ec30b11a69b37c38e81555f 2007.0/i586/tetex-context-3.0-18.4mdv2007.0.i586.rpm f4dbfde981fd4658044222bc159ecd41 2007.0/i586/tetex-devel-3.0-18.4mdv2007.0.i586.rpm e0f85c8410194f78ba2aea95e4f9483b 2007.0/i586/tetex-doc-3.0-18.4mdv2007.0.i586.rpm 9753cb8ba53e41a19bdd46bd21d149e0 2007.0/i586/tetex-dvilj-3.0-18.4mdv2007.0.i586.rpm bf28b703c43dea8ddedd6b3dd31d6d4d 2007.0/i586/tetex-dvipdfm-3.0-18.4mdv2007.0.i586.rpm 456feadedb60e9b8f0fa653a4b8c242c 2007.0/i586/tetex-dvips-3.0-18.4mdv2007.0.i586.rpm 596d3a551105ed4ae7504069d97ea15b 2007.0/i586/tetex-latex-3.0-18.4mdv2007.0.i586.rpm 0fa6f2279adff2c0e49e021342684962 2007.0/i586/tetex-mfwin-3.0-18.4mdv2007.0.i586.rpm 4dfbc03ccff172c0031f3b66f49f2e67 2007.0/i586/tetex-texi2html-3.0-18.4mdv2007.0.i586.rpm 3fe94235dcf1d60559c5e22dcb661135 2007.0/i586/tetex-xdvi-3.0-18.4mdv2007.0.i586.rpm 50face08da8982afdcaa653c46d23893 2007.0/i586/xmltex-1.9-64.4mdv2007.0.i586.rpm 63549bc50b3b654e72be1947d1b3d79b 2007.0/SRPMS/tetex-3.0-18.4mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 3ba044a5b0cbd36b27fa8ebd60d51e8d 2007.0/x86_64/jadetex-3.12-116.4mdv2007.0.x86_64.rpm 94b050b17693804a81e68107b37aade8 2007.0/x86_64/tetex-3.0-18.4mdv2007.0.x86_64.rpm dca2d262c4345720681e776de7aaf3b5 2007.0/x86_64/tetex-afm-3.0-18.4mdv2007.0.x86_64.rpm 6387c4e3923b174732ea42e1c1961f31 2007.0/x86_64/tetex-context-3.0-18.4mdv2007.0.x86_64.rpm 9e31f83c40c6bf2bd0528fd8debc7da0 2007.0/x86_64/tetex-devel-3.0-18.4mdv2007.0.x86_64.rpm b61e81383f6becccb285e0e9e3c04fc8 2007.0/x86_64/tetex-doc-3.0-18.4mdv2007.0.x86_64.rpm ff32dc4e3ee6c9ce2e7160e0e2e8d000 2007.0/x86_64/tetex-dvilj-3.0-18.4mdv2007.0.x86_64.rpm d4bf450a8fc9da8d97cb03a5fd895e5d 2007.0/x86_64/tetex-dvipdfm-3.0-18.4mdv2007.0.x86_64.rpm 9bb0bb329efda5960b7c43cab4bb60a8 2007.0/x86_64/tetex-dvips-3.0-18.4mdv2007.0.x86_64.rpm a6e2b2af59a022db1ccc897d78fd3df1 2007.0/x86_64/tetex-latex-3.0-18.4mdv2007.0.x86_64.rpm 6fdee1957e97c37034bafd9546071553 2007.0/x86_64/tetex-mfwin-3.0-18.4mdv2007.0.x86_64.rpm a10d83249b768f676eabcbdc8d1def85 2007.0/x86_64/tetex-texi2html-3.0-18.4mdv2007.0.x86_64.rpm 71907f30dc7beb72245329e3df4f3d13 2007.0/x86_64/tetex-xdvi-3.0-18.4mdv2007.0.x86_64.rpm 824f5631d126e96851540ce059f378a6 2007.0/x86_64/xmltex-1.9-64.4mdv2007.0.x86_64.rpm 63549bc50b3b654e72be1947d1b3d79b 2007.0/SRPMS/tetex-3.0-18.4mdv2007.0.src.rpm Mandriva Linux 2007.1: 81f9fad03bffde4848b2684b0beaf1be 2007.1/i586/jadetex-3.12-129.3mdv2007.1.i586.rpm 240f0698cc266be75607780ca95f7df9 2007.1/i586/tetex-3.0-31.3mdv2007.1.i586.rpm adaa2d6fa7128e0c1ef125c5b2a27bd1 2007.1/i586/tetex-afm-3.0-31.3mdv2007.1.i586.rpm 143aa48143998f5ffd5877fb348c06c3 2007.1/i586/tetex-context-3.0-31.3mdv2007.1.i586.rpm 3a3b1e82a1fb3e2260eeac49bd038d44 2007.1/i586/tetex-devel-3.0-31.3mdv2007.1.i586.rpm 98781fd21fae15a9d190387bb7c894fa 2007.1/i586/tetex-doc-3.0-31.3mdv2007.1.i586.rpm 162cc4138d291f34e17589dcbaf47e02 2007.1/i586/tetex-dvilj-3.0-31.3mdv2007.1.i586.rpm c290665965a32365750302b66998cf9c 2007.1/i586/tetex-dvipdfm-3.0-31.3mdv2007.1.i586.rpm 521a43054786848837cadf65d7373adb 2007.1/i586/tetex-dvips-3.0-31.3mdv2007.1.i586.rpm db59616b644d2d040bf20bba50b98a52 2007.1/i586/tetex-latex-3.0-31.3mdv2007.1.i586.rpm 42b078d4e8b5ecfa43cecd105cfd9973 2007.1/i586/tetex-mfwin-3.0-31.3mdv2007.1.i586.rpm d80a680507279c769af4eac68342779e 2007.1/i586/tetex-texi2html-3.0-31.3mdv2007.1.i586.rpm 6ad4a6a5df7c31302c0d8f0294b441fe 2007.1/i586/tetex-usrlocal-3.0-31.3mdv2007.1.i586.rpm a636c345e691cfcad8bb057aa724ca32 2007.1/i586/tetex-xdvi-3.0-31.3mdv2007.1.i586.rpm 81cb470114d43d4ba480c7ef38ad8f9b 2007.1/i586/xmltex-1.9-77.3mdv2007.1.i586.rpm 1fe7e7ec1366f1c03208b9acf2c6e4dc 2007.1/SRPMS/tetex-3.0-31.3mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 931bdcfab39b511372c0fe1667cdec9b 2007.1/x86_64/jadetex-3.12-129.3mdv2007.1.x86_64.rpm be2917b026909b9fe2d6f54425f0ae01 2007.1/x86_64/tetex-3.0-31.3mdv2007.1.x86_64.rpm 3927b9a088b3dbbb035ab504724224fa 2007.1/x86_64/tetex-afm-3.0-31.3mdv2007.1.x86_64.rpm 5e0dc9457f6e864bfd097e52540ca691 2007.1/x86_64/tetex-context-3.0-31.3mdv2007.1.x86_64.rpm c360e8b3bb98ee7f7467028038e97e1a 2007.1/x86_64/tetex-devel-3.0-31.3mdv2007.1.x86_64.rpm d48d985a35aa93c17c45349c28c0b243 2007.1/x86_64/tetex-doc-3.0-31.3mdv2007.1.x86_64.rpm eb67ec1e91e422ecfa36f1cbbac8971a 2007.1/x86_64/tetex-dvilj-3.0-31.3mdv2007.1.x86_64.rpm 851858c723458b732e522a3c0e61369c 2007.1/x86_64/tetex-dvipdfm-3.0-31.3mdv2007.1.x86_64.rpm a0eda317da29934a5633f42b177a530f 2007.1/x86_64/tetex-dvips-3.0-31.3mdv2007.1.x86_64.rpm 753c701f03329627fb9e39753981e843 2007.1/x86_64/tetex-latex-3.0-31.3mdv2007.1.x86_64.rpm d994a4854aba90786bbd9a4ec3c12019 2007.1/x86_64/tetex-mfwin-3.0-31.3mdv2007.1.x86_64.rpm e655586388e11bf71063402efc3a7753 2007.1/x86_64/tetex-texi2html-3.0-31.3mdv2007.1.x86_64.rpm 9d5f65b626bd71949a07e6c7431817e0 2007.1/x86_64/tetex-usrlocal-3.0-31.3mdv2007.1.x86_64.rpm 55315fd53192e1d99eee611c658d803e 2007.1/x86_64/tetex-xdvi-3.0-31.3mdv2007.1.x86_64.rpm 64af62bd89fcac2a4ffad45a8eae77d6 2007.1/x86_64/xmltex-1.9-77.3mdv2007.1.x86_64.rpm 1fe7e7ec1366f1c03208b9acf2c6e4dc 2007.1/SRPMS/tetex-3.0-31.3mdv2007.1.src.rpm Corporate 4.0: ded203c11a86b123fb65dccf7ebefe7b corporate/4.0/i586/jadetex-3.12-110.6.20060mlcs4.i586.rpm 02ca90145d6b09cdd92bc9906a9dfa41 corporate/4.0/i586/tetex-3.0-12.6.20060mlcs4.i586.rpm 9af4a0c59bf34cb69ec03feeecc10b51 corporate/4.0/i586/tetex-afm-3.0-12.6.20060mlcs4.i586.rpm c4a7cdb06beb70e2652fee997cd5acd1 corporate/4.0/i586/tetex-context-3.0-12.6.20060mlcs4.i586.rpm 4d4e89d588e0ec5a1a30659b194e53a7 corporate/4.0/i586/tetex-devel-3.0-12.6.20060mlcs4.i586.rpm 7ae26e309360bdfdb9c5c503b0d4edf9 corporate/4.0/i586/tetex-doc-3.0-12.6.20060mlcs4.i586.rpm 302004f96913e500079054ecb03adda9 corporate/4.0/i586/tetex-dvilj-3.0-12.6.20060mlcs4.i586.rpm 00cd5bce374228d46b18d5b2210639f9 corporate/4.0/i586/tetex-dvipdfm-3.0-12.6.20060mlcs4.i586.rpm f216bf18966462b172832a6f8a27fd78 corporate/4.0/i586/tetex-dvips-3.0-12.6.20060mlcs4.i586.rpm f1b3b6fcb547e477570f1311fa7367a0 corporate/4.0/i586/tetex-latex-3.0-12.6.20060mlcs4.i586.rpm 86eb52c3286302e3343928a7bdeb9548 corporate/4.0/i586/tetex-mfwin-3.0-12.6.20060mlcs4.i586.rpm a769eab0038bac03e47a72b634f79e19 corporate/4.0/i586/tetex-texi2html-3.0-12.6.20060mlcs4.i586.rpm fd8530a3177047b3dd9ad9f5c1116020 corporate/4.0/i586/tetex-xdvi-3.0-12.6.20060mlcs4.i586.rpm 7d647f0f6d3db2a9a0f3b6be1fcb672c corporate/4.0/i586/xmltex-1.9-58.6.20060mlcs4.i586.rpm 8118fdc39814ac5d79b8763a5eaeee61 corporate/4.0/SRPMS/tetex-3.0-12.6.20060mlcs4.src.rpm Corporate 4.0/X86_64: 03656d00a3a0ab1847acb665ef68d947 corporate/4.0/x86_64/jadetex-3.12-110.6.20060mlcs4.x86_64.rpm df2818955a171b5e682b2e481ea456f0 corporate/4.0/x86_64/tetex-3.0-12.6.20060mlcs4.x86_64.rpm b33cd2edda19f78a7fc67d5fff165b0a corporate/4.0/x86_64/tetex-afm-3.0-12.6.20060mlcs4.x86_64.rpm 7d5818ed21c76ed6ea5db364fb4e9693 corporate/4.0/x86_64/tetex-context-3.0-12.6.20060mlcs4.x86_64.rpm 58f46f75a1d4df827911727ebacbc352 corporate/4.0/x86_64/tetex-devel-3.0-12.6.20060mlcs4.x86_64.rpm edc968cfaa147eb6c0a44d367945cdee corporate/4.0/x86_64/tetex-doc-3.0-12.6.20060mlcs4.x86_64.rpm cbb35ba57e6b7e4ff5e1f7746a556dba corporate/4.0/x86_64/tetex-dvilj-3.0-12.6.20060mlcs4.x86_64.rpm 64037dfd41b52942db831d5d1db263ae corporate/4.0/x86_64/tetex-dvipdfm-3.0-12.6.20060mlcs4.x86_64.rpm 521ac94898d0dd328a72b41a897cac77 corporate/4.0/x86_64/tetex-dvips-3.0-12.6.20060mlcs4.x86_64.rpm 7b08d2c8978a0d020d8bd29478e9300c corporate/4.0/x86_64/tetex-latex-3.0-12.6.20060mlcs4.x86_64.rpm 2c8045b7090444ae36576040d4106399 corporate/4.0/x86_64/tetex-mfwin-3.0-12.6.20060mlcs4.x86_64.rpm 3124bf387e243377003b3bf21d34b6b9 corporate/4.0/x86_64/tetex-texi2html-3.0-12.6.20060mlcs4.x86_64.rpm 88ea09f36b9281e64061a2ca25d10719 corporate/4.0/x86_64/tetex-xdvi-3.0-12.6.20060mlcs4.x86_64.rpm e34498cb80e93ccd2b592ff8a722b985 corporate/4.0/x86_64/xmltex-1.9-58.6.20060mlcs4.x86_64.rpm 8118fdc39814ac5d79b8763a5eaeee61 corporate/4.0/SRPMS/tetex-3.0-12.6.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGwgCrmqjQ0CJFipgRAvxaAKD0oN2+nbJYsb/02Pfv7e91rH+OwQCgoNcD E25vkVsg47bEpt/Rv8lWmms= =oC5G -----END PGP SIGNATURE-----

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

overflow, arbitrary

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES