[VIM] Xpdf/kpdf mess

security curmudgeon jericho at attrition.org
Fri Jan 6 05:24:10 EST 2006


http://www.kde.org/info/security/advisory-20051207-1.txt
         CAN-2005-3191
         CAN-2005-3192
         CAN-2005-3193

Multiple overflows, seemed easy enough.

http://www.kde.org/info/security/advisory-20051207-2.txt
         CAN-2005-3191
         CAN-2005-3192
         CAN-2005-3193
         CVE-2005-3624
         CVE-2005-3625
         CVE-2005-3626
         CVE-2005-3627
         CESA-2005-003

Now, four more issues. CVE is closed currently, but even if they open I'm 
wondering how big of a mess this is. The original makes it sound like 
'multiple overflows in xpdf', and kpdf shares a lot of the code. However, 
checking the Gentoo bugzilla, we see this may affect a lot more 
applications.

http://bugs.gentoo.org/show_bug.cgi?id=117481

   Opening separate bugs for cups, poppler, gpdf.

   Handling pdftohtml, tetex, pdff, kword on their respective bugs that are
   still open.

   kpdf and kword already silently patched in CVS.


So we have: cups, poppler, gpdf, pdftohtml, tetex, pdff, kword, kpdf

This makes it sound like an underlying library, or each utility shared the 
vulnerable code?

