[VIM] xpdf/etc. - clarity needed for CVEs (fwd)
Steven M. Christey
coley at linus.mitre.org
Fri Jan 6 12:48:46 EST 2006
FYI, I haven't updated the CVEs yet but this is important/timely enough I
figured I'd pass it on.
- Steve
---------- Forwarded message ----------
Date: Fri, 06 Jan 2006 12:38:42 -0500
From: [Red Hat]
To: Chris Evans
Cc: Steven M. Christey <coley at mitre.org>, [RED HAT], [GENTOO]
Subject: Re: xpdf/etc. - clarity needed for CVEs
Here are the bits you should need to update the entries:

These numbers refer to Chris' advisory:
http://scary.beasts.org/security/CESA-2005-003.txt

1) Out-of-bounds heap accesses with large or negative parameters to
"FlateDecode" stream.
* CVE-2005-3192 <- This overlaps with one of the iDEFENSE advisories

2) Out-of-bounds heap accesses with large or negative parameters to
"CCITTFaxDecode" stream.
* CVE-2005-3624

3) Infinite CPU spins in various places when stream ends unexpectedly.
Probably repeated at various locations in the code.
* CVE-2005-3625

4) NULL pointer crash in the "FlateDecode" stream. (This flaw happens to
be fixed by the patch for CVE-2005-3192)
* CVE-2005-3626

5) Overflows of compInfo array in "DCTDecode" stream.
6) Possible to use index past end of array in "DCTDecode" stream.
7) More possible out-of-bounds indexing trouble in "DCTDecode" stream.
* CVE-2005-3627

Additionally, CVE-2005-3628 also refers to a buffer overflow in
JBIG2Bitmap::JBIG2Bitmap() of JBIG2Stream.cc
This was discovered by Ludwig Nussel and was silently fixed in most *pdf
updates.