blob: f4a421d7a5c075f78667fa18f31feff11bf66b8f [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200803-17">
<title>PDFlib: Multiple buffer overflows</title>
Multiple stack-based buffer overflows have been reported in PDFlib.
<product type="ebuild">pdflib</product>
<announced>March 10, 2008</announced>
<revised>March 10, 2008: 01</revised>
<package name="media-libs/pdflib" auto="yes" arch="*">
<unaffected range="ge">7.0.2_p8</unaffected>
<vulnerable range="lt">7.0.2_p8</vulnerable>
PDFlib is a library for generating PDF on the fly.
poplix reported multiple boundary errors in the pdc_fsearch_fopen()
function when processing overly long filenames.
<impact type="normal">
A remote attacker could send specially crafted content to a vulnerable
application using PDFlib, possibly resulting in the remote execution of
arbitrary code with the privileges of the user running the application.
There is no known workaround at this time.
All PDFlib users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-libs/pdflib-7.0.2_p8&quot;</code>
<uri link="">CVE-2007-6561</uri>
<metadata tag="requester" timestamp="Sat, 08 Mar 2008 16:26:44 +0000">
<metadata tag="submitter" timestamp="Mon, 10 Mar 2008 12:46:32 +0000">
<metadata tag="bugReady" timestamp="Mon, 10 Mar 2008 12:46:45 +0000">