[VIM] Xpdf/kpdf mess
security curmudgeon
jericho at attrition.org
Fri Jan 6 05:24:10 EST 2006
http://www.kde.org/info/security/advisory-20051207-1.txt
CAN-2005-3191
CAN-2005-3192
CAN-2005-3193
Multiple overflows, seemed easy enough.
http://www.kde.org/info/security/advisory-20051207-2.txt
CAN-2005-3191
CAN-2005-3192
CAN-2005-3193
CVE-2005-3624
CVE-2005-3625
CVE-2005-3626
CVE-2005-3627
CESA-2005-003
Now, four more issues. CVE is closed currently, but even if they open, I'm
wondering how big of a mess this is. The original makes it sound like
'multiple overflows in xpdf', and kpdf shares a lot of the code. However,
checking the Gentoo Bugzilla, we see this may affect a lot more
applications.
http://bugs.gentoo.org/show_bug.cgi?id=117481
Opening separate bugs for cups, poppler, gpdf.
Handling pdftohtml, tetex, pdff, kword on their respective bugs that are
still open.
kpdf and kword already silently patched in CVS.
So we have: cups, poppler, gpdf, pdftohtml, tetex, pdff, kword, kpdf
This makes it sound like an underlying library, or each utility shared the
vulnerable code?