Vulnerabilities > CVE-2005-0064 - Unspecified vulnerability in Xpdf

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
xpdf
nessus

Summary

Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.

Nessus

  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2005-021.NASL
    description: A buffer overflow vulnerability was discovered in the xpdf PDF code, which could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. Tetex uses xpdf code and is susceptible to the same vulnerability. The updated packages have been patched to prevent these problems.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16258
    published: 2005-01-26
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/16258
    title: Mandrake Linux Security Advisory : tetex (MDKSA-2005:021)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2005:021. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Registration pass: when the scanner evaluates the plugin with `description`
    # set, this branch declares the plugin's metadata and prerequisites and then
    # exits (exit(0) below) before any of the package checks further down run.
    if (description)
    {
      script_id(16258);
      script_version ("1.19");
      script_cvs_date("Date: 2019/08/02 13:32:47");
    
      # Links the finding to the CVE and to the vendor advisory it was derived from.
      script_cve_id("CVE-2005-0064");
      script_xref(name:"MDKSA", value:"2005:021");
    
      script_name(english:"Mandrake Linux Security Advisory : tetex (MDKSA-2005:021)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      # Advisory text. tetex is in scope because it carries xpdf code, so the fix
      # has to be tracked for each embedding package and not only for xpdf itself.
      script_set_attribute(
        attribute:"description", 
        value:
    "A buffer overflow vulnerability was discovered in the xpdf PDF code,
    which could allow for arbitrary code execution as the user viewing a
    PDF file. The vulnerability exists due to insufficient bounds checking
    while processing a PDF file that provides malicious values in the
    /Encrypt /Length tag. Tetex uses xpdf code and is susceptible to the
    same vulnerability.
    
    The updated packages have been patched to prevent these problems."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # CVSS v2 base vector: network access vector, low complexity, no
      # authentication, partial confidentiality/integrity/availability impact.
      # Per the description above, the code runs as the user viewing the PDF.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      # "local": the verdict is derived from host-side package data (see the
      # Host/Mandrake/rpm-list requirement below), not from probing a service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # Packages named by the advisory, followed by the two affected OS releases.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:jadetex");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-afm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-context");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-dvilj");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-dvipdfm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-dvips");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-latex");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-mfwin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-texi2html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tetex-xdvi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xmltex");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/01/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/01/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      # The check needs these knowledge-base entries to exist; ssh_get_info.nasl
      # is presumably the plugin that populates them (confirm against that plugin).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
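    # Preconditions: the check is only meaningful when local checks are enabled
    # and the knowledge base holds a Mandrake release string and an rpm list.
    # Everything consulted here was already stored in the knowledge base.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Fixed: the OS name in this audit message was misspelled "Mandake".
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    # Only the architectures matched by this pattern are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


    # `flag` counts the rpm_check() calls that returned true; any non-zero
    # count makes the host reportable below.
    flag = 0;

    # Reference builds from the advisory for Mandrake 10.0, checked in the
    # same order as before so the generated report text is unchanged.
    # yank:"mdk" is passed through untouched; its exact effect lives in
    # rpm.inc (presumably it strips the distro suffix before comparing).
    mdk100_refs = make_list(
      "jadetex-3.12-93.2.100mdk",
      "tetex-2.0.2-14.2.100mdk",
      "tetex-afm-2.0.2-14.2.100mdk",
      "tetex-context-2.0.2-14.2.100mdk",
      "tetex-devel-2.0.2-14.2.100mdk",
      "tetex-doc-2.0.2-14.2.100mdk",
      "tetex-dvilj-2.0.2-14.2.100mdk",
      "tetex-dvipdfm-2.0.2-14.2.100mdk",
      "tetex-dvips-2.0.2-14.2.100mdk",
      "tetex-latex-2.0.2-14.2.100mdk",
      "tetex-mfwin-2.0.2-14.2.100mdk",
      "tetex-texi2html-2.0.2-14.2.100mdk",
      "tetex-xdvi-2.0.2-14.2.100mdk",
      "xmltex-1.9-41.2.100mdk"
    );
    foreach pkg_ref (mdk100_refs)
    {
      if (rpm_check(release:"MDK10.0", reference:pkg_ref, yank:"mdk")) flag++;
    }

    # Reference builds from the advisory for Mandrake 10.1.
    mdk101_refs = make_list(
      "jadetex-3.12-98.2.101mdk",
      "tetex-2.0.2-19.2.101mdk",
      "tetex-afm-2.0.2-19.2.101mdk",
      "tetex-context-2.0.2-19.2.101mdk",
      "tetex-devel-2.0.2-19.2.101mdk",
      "tetex-doc-2.0.2-19.2.101mdk",
      "tetex-dvilj-2.0.2-19.2.101mdk",
      "tetex-dvipdfm-2.0.2-19.2.101mdk",
      "tetex-dvips-2.0.2-19.2.101mdk",
      "tetex-latex-2.0.2-19.2.101mdk",
      "tetex-mfwin-2.0.2-19.2.101mdk",
      "tetex-texi2html-2.0.2-19.2.101mdk",
      "tetex-xdvi-2.0.2-19.2.101mdk",
      "xmltex-1.9-46.2.101mdk"
    );
    foreach pkg_ref (mdk101_refs)
    {
      if (rpm_check(release:"MDK10.1", reference:pkg_ref, yank:"mdk")) flag++;
    }


    # Reporting. Only rpm-managed packages are compared, so a copy of the xpdf
    # code installed outside the package database is not seen by this check.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");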
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2005-049.NASL
    description: Updated CUPS packages that fixes a security issue are now available. The Common UNIX Printing System provides a portable printing layer for UNIX(R) operating systems. A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf which also affects the CUPS pdftops filter due to a shared codebase. An attacker who has the ability to send a malicious PDF file to a printer could possibly execute arbitrary code as the 'lp' user. […]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16297
    published: 2005-02-02
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/16297
    title: RHEL 3 : cups (RHSA-2005:049)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:049. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: when the scanner evaluates the plugin with `description`
    # set, this branch declares the plugin's metadata and prerequisites and then
    # exits (exit(0) below) before the release and package checks run.
    if (description)
    {
      script_id(16297);
      script_version ("1.27");
      script_cvs_date("Date: 2019/10/25 13:36:10");
    
      # Links the finding to the CVE and to the Red Hat advisory it was derived from.
      script_cve_id("CVE-2005-0064");
      script_xref(name:"RHSA", value:"2005:049");
    
      script_name(english:"RHEL 3 : cups (RHSA-2005:049)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      # Advisory text. Two points matter when triaging a hit: the exposure is
      # through the CUPS pdftops filter, reached by sending a PDF to a printer,
      # with code running as the 'lp' user; and the Exec-Shield statement is the
      # vendor's expectation for x86 only, which this plugin does not evaluate.
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated CUPS packages that fixes a security issue are now available.
    
    The Common UNIX Printing System provides a portable printing layer for
    UNIX(R) operating systems.
    
    A buffer overflow flaw was found in the Decrypt::makeFileKey2 function
    of Xpdf which also affects the CUPS pdftops filter due to a shared
    codebase. An attacker who has the ability to send a malicious PDF file
    to a printer could possibly execute arbitrary code as the 'lp' user.
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2005-0064 to this issue.
    
    Red Hat believes that the Exec-Shield technology (enabled by default
    since Update 3) will block attempts to remotely exploit these buffer
    overflow vulnerabilities on x86 architectures.
    
    All users of cups should upgrade to these updated packages, which
    resolve these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0064"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2005:049"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected cups, cups-devel and / or cups-libs packages."
      );
      # CVSS v2 base vector: network access vector, low complexity, no
      # authentication, partial confidentiality/integrity/availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      # "local": the verdict is derived from host-side package data (see the
      # Host/RedHat/rpm-list requirement below), not from probing the print service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      # NOTE(review): vuln_publication_date (2005/05/02) is later than both the
      # patch date (2005/02/01) and the plugin date (2005/02/02) below; this looks
      # like a data error, confirm against the advisory before relying on it.
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/02/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # The check needs these knowledge-base entries to exist; ssh_get_info.nasl
      # is presumably the plugin that populates them (confirm against that plugin).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Gate 1: local checks must be enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    # Gate 2: the stored release string must identify Red Hat Enterprise Linux
    # with a major version of 3.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release)
      audit(AUDIT_OS_NOT, "Red Hat");

    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver))
      audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");

    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver))
      audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);

    # Gate 3: an rpm list must have been collected.
    if (!get_kb_item("Host/RedHat/rpm-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);

    # Gate 4: only x86_64, i386 through i686 and s390-family CPU strings are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
      audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu)
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

    # Two evidence sources: stored yum updateinfo when the knowledge base has
    # it, otherwise a comparison of installed rpm builds against the fixed ones.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (empty_or_null(yum_updateinfo))
    {
      # rpm path: every rpm_check() that returns true counts as a missing update.
      # Only rpm-managed packages are compared here.
      flag = 0;
      foreach pkg_ref (make_list("cups-1.1.17-13.3.24", "cups-devel-1.1.17-13.3.24", "cups-libs-1.1.17-13.3.24"))
      {
        if (rpm_check(release:"RHEL3", reference:pkg_ref)) flag++;
      }

      if (!flag)
      {
        # Nothing outdated: say whether packages were tested or simply absent.
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs");
      }
      else
      {
        security_report_v4(
          port     : 0,
          severity : SECURITY_HOLE,
          extra    : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
    }
    else
    {
      # yum path: report only if the helper produces text for this advisory id.
      rhsa = "RHSA-2005:049";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (empty_or_null(yum_report))
      {
        audit(AUDIT_OS_NOT, "affected by Red Hat security advisory " + rhsa);
      }
      else
      {
        security_report_v4(
          port     : 0,
          severity : SECURITY_HOLE,
          extra    : yum_report
        );
        exit(0);
      }
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2005-066.NASL
    description: Updated kdegraphics packages that resolve security issues in kpdf are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment including kpdf, a pdf file viewer. A buffer overflow flaw was found in the Gfx::doImage function of Xpdf that also affects kpdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf which also affects kpdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0064 to this issue. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of Xpdf which also affects kpdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause kpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0888 to this issue. Users should update to these erratum packages which contain backported patches to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17178
    published: 2005-02-22
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/17178
    title: RHEL 4 : kdegraphics (RHSA-2005:066)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:066. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: when the scanner evaluates the plugin with `description`
    # set, this branch declares the plugin's metadata and prerequisites and then
    # exits (exit(0) below) before the release and package checks run.
    if (description)
    {
      script_id(17178);
      script_version ("1.24");
      script_cvs_date("Date: 2019/10/25 13:36:11");
    
      # One advisory, three CVEs: a hit from this plugin does not say which of
      # the three xpdf-derived flaws is unpatched, only that the erratum is missing.
      script_cve_id("CVE-2004-0888", "CVE-2004-1125", "CVE-2005-0064");
      script_xref(name:"RHSA", value:"2005:066");
    
      script_name(english:"RHEL 4 : kdegraphics (RHSA-2005:066)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      # Advisory text. It states the fixes are backported patches, so the
      # erratum build number, not the upstream version, is what shows a fixed package.
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kdegraphics packages that resolve security issues in kpdf are
    now available.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The kdegraphics packages contain applications for the K Desktop
    Environment including kpdf, a pdf file viewer.
    
    A buffer overflow flaw was found in the Gfx::doImage function of Xpdf
    that also affects kpdf due to a shared codebase. An attacker could
    construct a carefully crafted PDF file that could cause kpdf to crash
    or possibly execute arbitrary code when opened. The Common
    Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
    name CVE-2004-1125 to this issue.
    
    A buffer overflow flaw was found in the Decrypt::makeFileKey2 function
    of Xpdf which also affects kpdf due to a shared codebase. An attacker
    could construct a carefully crafted PDF file that could cause kpdf to
    crash or possibly execute arbitrary code when opened. The Common
    Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
    name CVE-2005-0064 to this issue.
    
    During a source code audit, Chris Evans and others discovered a number
    of integer overflow bugs that affected all versions of Xpdf which also
    affects kpdf due to a shared codebase. An attacker could construct a
    carefully crafted PDF file that could cause kpdf to crash or possibly
    execute arbitrary code when opened. The Common Vulnerabilities and
    Exposures project (cve.mitre.org) has assigned the name CVE-2004-0888
    to this issue.
    
    Users should update to these erratum packages which contain backported
    patches to correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-1125"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0064"
      );
      # http://www.kde.org/info/security/advisory-20041223-1.txt
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.kde.org/info/security/advisory-20041223-1.txt"
      );
      # http://www.kde.org/info/security/advisory-20050119-1.txt
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.kde.org/info/security/advisory-20050119-1.txt"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2005:066"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kdegraphics and / or kdegraphics-devel packages."
      );
      # NOTE(review): this vector has Complete C/I/A impact, while CVE-2005-0064 on
      # its own is scored with Partial impact. The plugin covers three CVEs, so the
      # vector presumably reflects the highest-scored of them; confirm before
      # using this plugin's score to rank CVE-2005-0064 alone.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      # CWE-20 is Improper Input Validation.
      script_cwe_id(20);
    
      # "local": the verdict is derived from host-side package data (see the
      # Host/RedHat/rpm-list requirement below), not from probing a service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdegraphics");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdegraphics-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/02/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # The check needs these knowledge-base entries to exist; ssh_get_info.nasl
      # is presumably the plugin that populates them (confirm against that plugin).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Gate 1: local checks must be enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    # Gate 2: the stored release string must identify Red Hat Enterprise Linux
    # with a major version of 4.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release)
      audit(AUDIT_OS_NOT, "Red Hat");

    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver))
      audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");

    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver))
      audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);

    # Gate 3: an rpm list must have been collected.
    if (!get_kb_item("Host/RedHat/rpm-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);

    # Gate 4: only x86_64, i386 through i686 and s390-family CPU strings are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
      audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu)
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

    # Two evidence sources: stored yum updateinfo when the knowledge base has
    # it, otherwise a comparison of installed rpm builds against the fixed ones.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (empty_or_null(yum_updateinfo))
    {
      # rpm path: every rpm_check() that returns true counts as a missing update.
      # Only rpm-managed packages are compared here.
      flag = 0;
      foreach pkg_ref (make_list("kdegraphics-3.3.1-3.3", "kdegraphics-devel-3.3.1-3.3"))
      {
        if (rpm_check(release:"RHEL4", reference:pkg_ref)) flag++;
      }

      if (!flag)
      {
        # Nothing outdated: say whether packages were tested or simply absent.
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdegraphics / kdegraphics-devel");
      }
      else
      {
        security_report_v4(
          port     : 0,
          severity : SECURITY_HOLE,
          extra    : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
    }
    else
    {
      # yum path: report only if the helper produces text for this advisory id.
      rhsa = "RHSA-2005:066";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (empty_or_null(yum_report))
      {
        audit(AUDIT_OS_NOT, "affected by Red Hat security advisory " + rhsa);
      }
      else
      {
        security_report_v4(
          port     : 0,
          severity : SECURITY_HOLE,
          extra    : yum_report
        );
        exit(0);
      }
    }
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2005-016.NASL
    description: A buffer overflow vulnerability was discovered in the xpdf PDF code, which could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. Gpdf uses xpdf code and is susceptible to the same vulnerability. The updated packages have been patched to prevent these problems.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16253
    published: 2005-01-26
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/16253
    title: Mandrake Linux Security Advisory : gpdf (MDKSA-2005:016)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2005:016. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Registration pass: when the scanner evaluates the plugin with `description`
    # set, this branch declares the plugin's metadata and prerequisites and then
    # exits (exit(0) below) before any of the package checks further down run.
    if (description)
    {
      script_id(16253);
      script_version ("1.19");
      script_cvs_date("Date: 2019/08/02 13:32:47");
    
      # Links the finding to the CVE and to the vendor advisory it was derived from.
      script_cve_id("CVE-2005-0064");
      script_xref(name:"MDKSA", value:"2005:016");
    
      script_name(english:"Mandrake Linux Security Advisory : gpdf (MDKSA-2005:016)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Mandrake Linux host is missing a security update."
      );
      # Advisory text. gpdf is in scope because it carries xpdf code, so the fix
      # has to be tracked for each embedding package and not only for xpdf itself.
      script_set_attribute(
        attribute:"description", 
        value:
    "A buffer overflow vulnerability was discovered in the xpdf PDF code,
    which could allow for arbitrary code execution as the user viewing a
    PDF file. The vulnerability exists due to insufficient bounds checking
    while processing a PDF file that provides malicious values in the
    /Encrypt /Length tag. Gpdf uses xpdf code and is susceptible to the
    same vulnerability.
    
    The updated packages have been patched to prevent these problems."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gpdf package.");
      # CVSS v2 base vector: network access vector, low complexity, no
      # authentication, partial confidentiality/integrity/availability impact.
      # Per the description above, the code runs as the user viewing the PDF.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      # "local": the verdict is derived from host-side package data (see the
      # Host/Mandrake/rpm-list requirement below), not from probing a service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gpdf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/01/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/01/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      # The check needs these knowledge-base entries to exist; ssh_get_info.nasl
      # is presumably the plugin that populates them (confirm against that plugin).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
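    # Preconditions: the check is only meaningful when local checks are enabled
    # and the knowledge base holds a Mandrake release string and an rpm list.
    # Everything consulted here was already stored in the knowledge base.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Fixed: the OS name in this audit message was misspelled "Mandake".
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    # Only the architectures matched by this pattern are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


    # `flag` counts the rpm_check() calls that returned true; any non-zero
    # count makes the host reportable below. One reference build of gpdf is
    # given per supported release. yank:"mdk" is passed through untouched; its
    # exact effect lives in rpm.inc.
    flag = 0;
    if (rpm_check(release:"MDK10.0", reference:"gpdf-0.112-2.5.100mdk", yank:"mdk")) flag++;

    if (rpm_check(release:"MDK10.1", reference:"gpdf-0.132-3.4.101mdk", yank:"mdk")) flag++;


    # Reporting. Only the rpm-managed gpdf package is compared, so a copy of the
    # xpdf code installed outside the package database is not seen by this check.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");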
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2005-019.NASL
    description: A buffer overflow vulnerability was discovered in the xpdf PDF code, which could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. Koffice uses xpdf code and is susceptible to the same vulnerability. The updated packages have been patched to prevent these problems.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16256
    published: 2005-01-26
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/16256
    title: Mandrake Linux Security Advisory : koffice (MDKSA-2005:019)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200501-28.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200501-28 (Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2) iDEFENSE reports that the Decrypt::makeFileKey2 function in Xpdf […]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16419
    published: 2005-02-14
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/16419
    title: GLSA-200501-28 : Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2005-017.NASL
    description: A buffer overflow vulnerability was discovered in the xpdf PDF viewer, which could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. The updated packages have been patched to prevent these problems.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16254
    published: 2005-01-26
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/16254
    title: Mandrake Linux Security Advisory : xpdf (MDKSA-2005:017)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2005-026.NASL
    description: Updated tetex packages that resolve security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The tetex packages (teTeX) contain an implementation of TeX for Linux or UNIX systems. A buffer overflow flaw was found in the Gfx::doImage function of Xpdf which also affects teTeX due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause teTeX to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf which also affects teTeX due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause teTeX to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0064 to this issue. Users should update to these erratum packages which contain backported patches to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 17338
    published: 2005-03-16
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/17338
    title: RHEL 4 : tetex (RHSA-2005:026)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-059.NASL
    descriptionUpdated Xpdf package that fixes a stack-based buffer overflow security issue is now available. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. A buffer overflow flaw was found when processing the /Encrypt /Length tag. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0064 to this issue. Red Hat believes that the Exec-Shield technology (enabled by default since Update 3) will block attempts to exploit this vulnerability on x86 architectures. All users of the Xpdf package should upgrade to this updated package, which resolves this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id16263
    published2005-01-26
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/16263
    titleRHEL 3 : xpdf (RHSA-2005:059)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-64-1.NASL
    descriptionA buffer overflow has been found in the xpdf viewer. Insufficient input validation of the encryption key length could be exploited by an attacker providing a specially crafted PDF file which, when processed by xpdf, could result in abnormal program termination or the execution of attacker-supplied program code with the user's privileges. [The rest of the notice, including the cupsys part named in the title, is cut off in this listing.]
    last seen2020-06-01
    modified2020-06-02
    plugin id20683
    published2006-01-15
    reporterUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20683
    titleUbuntu 4.10 : xpdf, cupsys vulnerabilities (USN-64-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-057.NASL
    descriptionAn updated gpdf package that fixes two security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. GPdf is a viewer for Portable Document Format (PDF) files for GNOME. A buffer overflow flaw was found in the Gfx::doImage function of Xpdf which also affects GPdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause GPdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf which also affects GPdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause GPdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0064 to this issue. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of Xpdf, which also affects GPdf due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause GPdf to crash or possibly execute arbitrary code when opened. This issue was assigned the name CVE-2004-0888 by The Common Vulnerabilities and Exposures project (cve.mitre.org). Red Hat Enterprise Linux 4 contained a fix for this issue, but it was found to be incomplete and left 64-bit architectures vulnerable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0206 to this issue. Users should update to this erratum package which contains backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id17175
    published2005-02-22
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/17175
    titleRHEL 4 : gpdf (RHSA-2005:057)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200501-32.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200501-32 (KPdf, KOffice: Stack overflow in included Xpdf code) KPdf and KOffice both include Xpdf code to handle PDF files. Xpdf is vulnerable to a new stack overflow, as described in GLSA 200501-28. Impact : An attacker could entice a user to open a specially crafted PDF file, potentially resulting in the execution of arbitrary code with the rights of the user running the affected application. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id16423
    published2005-02-14
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/16423
    titleGLSA-200501-32 : KPdf, KOffice: Stack overflow in included Xpdf code
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200501-31.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200501-31 (teTeX, pTeX, CSTeX: Multiple vulnerabilities) teTeX, pTeX and CSTeX all make use of Xpdf code and may therefore be vulnerable to the various overflows that were discovered in Xpdf code (CAN-2004-0888, CAN-2004-0889, CAN-2004-1125 and CAN-2005-0064). Furthermore, Javier Fernandez-Sanguino Pena discovered that the xdvizilla script does not handle temporary files correctly. Impact : An attacker could design a malicious input file which, when processed using one of the TeX distributions, could lead to the execution of arbitrary code. Furthermore, a local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When xdvizilla is called, this would result in the file being overwritten with the rights of the user running the script. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id16422
    published2005-02-14
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16422
    titleGLSA-200501-31 : teTeX, pTeX, CSTeX: Multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-053.NASL
    descriptionUpdated CUPS packages that fix several security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System provides a portable printing layer for UNIX(R) operating systems. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of Xpdf, which also affects CUPS due to a shared codebase. An attacker could construct a carefully crafted PDF file that could cause CUPS to crash or possibly execute arbitrary code when opened. This issue was assigned the name CVE-2004-0888 by The Common Vulnerabilities and Exposures project (cve.mitre.org). Red Hat Enterprise Linux 4 contained a fix for this issue, but it was found to be incomplete and left 64-bit architectures vulnerable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0206 to this issue. A buffer overflow flaw was found in the Gfx::doImage function of Xpdf which also affects the CUPS pdftops filter due to a shared codebase. An attacker who has the ability to send a malicious PDF file to a printer could possibly execute arbitrary code as the "lp" user. [The rest of the advisory text, including the part covering CVE-2005-0064, is cut off in this listing.]
    last seen2020-06-01
    modified2020-06-02
    plugin id17174
    published2005-02-22
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/17174
    titleRHEL 4 : CUPS (RHSA-2005:053)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-648.NASL
    descriptioniDEFENSE has reported a buffer overflow in xpdf, the portable document format (PDF) suite. A maliciously crafted PDF file could exploit this problem, resulting in the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id16215
    published2005-01-19
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16215
    titleDebian DSA-648-1 : xpdf - buffer overflow
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-020.NASL
    descriptionA buffer overflow vulnerability was discovered in the xpdf PDF code, which could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. Kdegraphics uses xpdf code and is susceptible to the same vulnerability. 10.1 packages also include a fix for ksvg kde bug #74457. The updated packages have been patched to prevent these problems.
    last seen2020-06-01
    modified2020-06-02
    plugin id16257
    published2005-01-26
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16257
    titleMandrake Linux Security Advisory : kdegraphics (MDKSA-2005:020)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-034.NASL
    descriptionAn updated xpdf package that fixes several security issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. A buffer overflow flaw was found in the Gfx::doImage function of Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1125 to this issue. A buffer overflow flaw was found in the Decrypt::makeFileKey2 function of Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0064 to this issue. During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. This issue was assigned the name CVE-2004-0888 by The Common Vulnerabilities and Exposures project (cve.mitre.org). Red Hat Enterprise Linux 4 contained a fix for this issue, but it was found to be incomplete and left 64-bit architectures vulnerable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0206 to this issue. All users of Xpdf should upgrade to this updated package, which contains backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id17168
    published2005-02-22
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/17168
    titleRHEL 4 : xpdf (RHSA-2005:034)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-018.NASL
    descriptionA buffer overflow vulnerability was discovered in the xpdf PDF code, which could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. Cups uses xpdf code and is susceptible to the same vulnerability. The updated packages have been patched to prevent these problems.
    last seen2020-06-01
    modified2020-06-02
    plugin id16255
    published2005-01-26
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16255
    titleMandrake Linux Security Advisory : cups (MDKSA-2005:018)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200502-10.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200502-10 (pdftohtml: Vulnerabilities in included Xpdf) Xpdf is vulnerable to a buffer overflow, as described in GLSA 200501-28. Impact : An attacker could entice a user to convert a specially crafted PDF file, potentially resulting in the execution of arbitrary code with the rights of the user running pdftohtml. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id16447
    published2005-02-14
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/16447
    titleGLSA-200502-10 : pdftohtml: Vulnerabilities in included Xpdf
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200506-06.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200506-06 (libextractor: Multiple overflow vulnerabilities) Xpdf is vulnerable to multiple overflows, as described in GLSA 200501-28. Also, integer overflows were discovered in Real and PNG extractors. Impact : An attacker could design malicious PDF, PNG or Real files which, when processed by an application making use of libextractor, would result in the execution of arbitrary code with the rights of the user running the application. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id18448
    published2005-06-10
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/18448
    titleGLSA-200506-06 : libextractor: Multiple overflow vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-645.NASL
    descriptioniDEFENSE has reported a buffer overflow in xpdf, the portable document format (PDF) suite. Similar code is present in the PDF processing part of CUPS. A maliciously crafted PDF file could exploit this problem, resulting in the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id16212
    published2005-01-19
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16212
    titleDebian DSA-645-1 : cupsys - buffer overflow
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_F755545E6FCD11D9ABEC00061BD2D56F.NASL
    descriptionAn iDEFENSE Security Advisory reports : Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer included in multiple Unix and Linux distributions could allow for arbitrary code execution as the user viewing a PDF file. The vulnerability specifically exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. The offending code can be found in the Decrypt::makeFileKey2 function in the source file xpdf/Decrypt.cc.
    last seen2020-06-01
    modified2020-06-02
    plugin id19176
    published2005-07-13
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/19176
    titleFreeBSD : xpdf -- makeFileKey2() buffer overflow vulnerability (f755545e-6fcd-11d9-abec-00061bd2d56f)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200501-30.NASL
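    descriptionThe remote host is affected by the vulnerability described in GLSA-200501-30 (CUPS: Stack overflow in included Xpdf code) The Decrypt::makeFileKey2 function in Xpdf's Decrypt.cc insufficiently checks boundaries when processing /Encrypt /Length tags in PDF files. [The rest of the advisory text is cut off in this listing.]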
    last seen2020-06-01
    modified2020-06-02
    plugin id16421
    published2005-02-14
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/16421
    titleGLSA-200501-30 : CUPS: Stack overflow in included Xpdf code

Oval

accepted2013-04-29T04:15:44.748-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionBuffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.
familyunix
idoval:org.mitre.oval:def:11781
statusaccepted
submitted2010-07-09T03:56:16-04:00
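titleBuffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded. [Note: this title text describes the Gfx::doImage overflow, which the Red Hat advisories listed above attribute to CVE-2004-1125; the description field of this OVAL record is the one that matches CVE-2005-0064 (Decrypt::makeFileKey2). Confirm against the OVAL definition itself before relying on the title for matching.]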
version26

Redhat

advisories
  • rhsa
    idRHSA-2005:026
  • rhsa
    idRHSA-2005:034
  • rhsa
    idRHSA-2005:053
  • rhsa
    idRHSA-2005:057
  • rhsa
    idRHSA-2005:059
  • rhsa
    idRHSA-2005:066
rpms
  • tetex-0:2.0.2-22.EL4.4
  • tetex-afm-0:2.0.2-22.EL4.4
  • tetex-debuginfo-0:2.0.2-22.EL4.4
  • tetex-doc-0:2.0.2-22.EL4.4
  • tetex-dvips-0:2.0.2-22.EL4.4
  • tetex-fonts-0:2.0.2-22.EL4.4
  • tetex-latex-0:2.0.2-22.EL4.4
  • tetex-xdvi-0:2.0.2-22.EL4.4
  • xpdf-1:3.00-11.5
  • xpdf-debuginfo-1:3.00-11.5
  • cups-1:1.1.17-13.3.24
  • cups-debuginfo-1:1.1.17-13.3.24
  • cups-devel-1:1.1.17-13.3.24
  • cups-libs-1:1.1.17-13.3.24
  • cups-1:1.1.22-0.rc1.9.6
  • cups-debuginfo-1:1.1.22-0.rc1.9.6
  • cups-devel-1:1.1.22-0.rc1.9.6
  • cups-libs-1:1.1.22-0.rc1.9.6
  • gpdf-0:2.8.2-4.3
  • gpdf-debuginfo-0:2.8.2-4.3
  • xpdf-1:2.02-9.5
  • xpdf-debuginfo-1:2.02-9.5
  • kdegraphics-7:3.3.1-3.3
  • kdegraphics-debuginfo-7:3.3.1-3.3
  • kdegraphics-devel-7:3.3.1-3.3