blob: 0698405037f61d6559cfa3f29dc1e5039b88e4a3 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200501-32">
<title>KPdf, KOffice: Stack overflow in included Xpdf code</title>
KPdf and KOffice both include vulnerable Xpdf code to handle PDF files,
making them vulnerable to the execution of arbitrary code.
<product type="ebuild">kpdf, koffice</product>
<announced>January 23, 2005</announced>
<revised>January 23, 2005: 01</revised>
<package name="app-office/koffice" auto="yes" arch="*">
<unaffected range="ge">1.3.5-r2</unaffected>
<vulnerable range="lt">1.3.5-r2</vulnerable>
<package name="kde-base/kdegraphics" auto="yes" arch="*">
<unaffected range="ge">3.3.2-r2</unaffected>
<unaffected range="rge">3.2.3-r4</unaffected>
<vulnerable range="lt">3.3.2-r2</vulnerable>
KPdf is a KDE-based PDF viewer included in the kdegraphics
package. KOffice is an integrated office suite for KDE.
KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf
is vulnerable to a new stack overflow, as described in GLSA 200501-28.
<impact type="normal">
An attacker could entice a user to open a specially-crafted PDF
file, potentially resulting in the execution of arbitrary code with the
rights of the user running the affected application.
There is no known workaround at this time.
All KPdf users should upgrade to the latest version of
# emerge --sync
# emerge --ask --oneshot --verbose kde-base/kdegraphics</code>
All KOffice users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose app-office/koffice</code>
<uri link="/security/en/glsa/glsa-200501-28.xml">GLSA 200501-18</uri>
<uri link="">CAN-2005-0064</uri>
<uri link="">KDE Security Advisory: kpdf Buffer Overflow Vulnerability</uri>
<uri link="">KDE Security Advisory: KOffice PDF Import Filter Vulnerability</uri>
<metadata tag="submitter" timestamp="Sat, 22 Jan 2005 09:23:04 +0000">
<metadata tag="bugReady" timestamp="Sun, 23 Jan 2005 12:21:06 +0000">