CVE-2005-2097 - Remote Denial of Service vulnerability in XPDF Loca Table Verification

- Attack vector: LOCAL
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: PARTIAL

Summary
xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | | 1 |
| Application | | 3 |
Nessus
- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2005-708.NASL
- description: An updated gpdf package that fixes a security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gpdf package is a GNOME-based viewer for Portable Document Format (PDF) files. Marcus Meissner reported a flaw in gpdf. An attacker could construct a carefully crafted PDF file that would cause gpdf to consume all available disk space in /tmp when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2097 to this issue. Note that this issue does not affect the version of gpdf in Red Hat Enterprise Linux 3 or 2.1. Users of gpdf should upgrade to this updated package, which contains a backported patch to resolve this issue.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19425
- published: 2005-08-12
- reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/19425
- title: RHEL 4 : gpdf (RHSA-2005:708)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2005:708. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(19425);
  script_version ("1.25");
  script_cvs_date("Date: 2019/10/25 13:36:11");

  script_cve_id("CVE-2005-2097");
  script_xref(name:"RHSA", value:"2005:708");

  script_name(english:"RHEL 4 : gpdf (RHSA-2005:708)");
  script_summary(english:"Checks the rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An updated gpdf package that fixes a security issue is now available
for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

The gpdf package is an GNOME based viewer for Portable Document Format
(PDF) files.

Marcus Meissner reported a flaw in gpdf. An attacker could construct a
carefully crafted PDF file that would cause gpdf to consume all
available disk space in /tmp when opened. The Common Vulnerabilities
and Exposures project assigned the name CVE-2005-2097 to this issue.

Note that this issue does not affect the version of gpdf in Red Hat
Enterprise Linux 3 or 2.1.

Users of gpdf should upgrade to this updated package, which contains a
backported patch to resolve this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-2097"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2005:708"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected gpdf package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gpdf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/08/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/08/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2005:708";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_NOTE,
      extra      : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL4", reference:"gpdf-2.8.2-4.4")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_NOTE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gpdf");
  }
}
```

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2005-138.NASL
- description: A vulnerability was discovered in the CUPS printing package where when processing a PDF file, bounds checking was not correctly performed on some fields. As a result, this could cause the pdftops filter to crash. Update : The patch to correct this problem was not properly applied to the Mandriva 10.1 packages. This update properly patches the packages.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19895
- published: 2005-10-05
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19895
- title: Mandrake Linux Security Advisory : cups (MDKSA-2005:138-1)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2005:138.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(19895);
  script_version ("1.17");
  script_cvs_date("Date: 2019/08/02 13:32:47");

  script_cve_id("CVE-2005-2097");
  script_xref(name:"MDKSA", value:"2005:138-1");

  script_name(english:"Mandrake Linux Security Advisory : cups (MDKSA-2005:138-1)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"A vulnerability was discovered in the CUPS printing package where when
processing a PDF file, bounds checking was not correctly performed on
some fields. As a result, this could cause the pdtops filter to crash.

Update :

The patch to correct this problem was not properly applied to the
Mandriva 10.1 packages. This update properly patches the packages."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cups");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cups-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cups-serial");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cups2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cups2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libcups2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libcups2-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/09/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK10.1", reference:"cups-1.1.21-0.rc1.7.7.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"cups-common-1.1.21-0.rc1.7.7.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"cups-serial-1.1.21-0.rc1.7.7.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64cups2-1.1.21-0.rc1.7.7.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64cups2-devel-1.1.21-0.rc1.7.7.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libcups2-1.1.21-0.rc1.7.7.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libcups2-devel-1.1.21-0.rc1.7.7.101mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200508-08.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200508-08 (Xpdf, Kpdf, GPdf: Denial of Service vulnerability) Xpdf, Kpdf and GPdf do not handle a broken table of embedded TrueType fonts correctly. After detecting such a table, Xpdf, Kpdf and GPdf attempt to reconstruct the information in it by decoding the PDF file, which causes the generation of a huge temporary file. Impact : A remote attacker may cause a Denial of Service by creating a specially crafted PDF file, sending it to a CUPS printing system (which uses Xpdf), or by enticing a user to open it in Xpdf, Kpdf, or GPdf. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19441
- published: 2005-08-18
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19441
- title: GLSA-200508-08 : Xpdf, Kpdf, GPdf: Denial of Service vulnerability
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200508-08.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(19441);
  script_version("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:42");

  script_cve_id("CVE-2005-2097");
  script_xref(name:"GLSA", value:"200508-08");

  script_name(english:"GLSA-200508-08 : Xpdf, Kpdf, GPdf: Denial of Service vulnerability");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-200508-08
(Xpdf, Kpdf, GPdf: Denial of Service vulnerability)

    Xpdf, Kpdf and GPdf do not handle a broken table of embedded
    TrueType fonts correctly. After detecting such a table, Xpdf, Kpdf
    and GPdf attempt to reconstruct the information in it by decoding
    the PDF file, which causes the generation of a huge temporary file.

Impact :

    A remote attacker may cause a Denial of Service by creating a
    specially crafted PDF file, sending it to a CUPS printing system
    (which uses Xpdf), or by enticing a user to open it in Xpdf, Kpdf,
    or GPdf.

Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200508-08"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All Xpdf users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=app-text/xpdf-3.00-r10'
    All GPdf users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=app-text/gpdf-2.10.0-r1'
    All Kpdf users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=kde-base/kdegraphics-3.3.2-r3'
    All KDE Split Ebuild Kpdf users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=kde-base/kpdf-3.4.1-r1'"
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:gpdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:kdegraphics");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:kpdf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xpdf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/08/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/08/18");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/09");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"kde-base/kdegraphics", unaffected:make_list("ge 3.3.2-r3"), vulnerable:make_list("lt 3.3.2-r3"))) flag++;
if (qpkg_check(package:"app-text/gpdf", unaffected:make_list("ge 2.10.0-r1"), vulnerable:make_list("lt 2.10.0-r1"))) flag++;
if (qpkg_check(package:"kde-base/kpdf", unaffected:make_list("ge 3.4.1-r1"), vulnerable:make_list("lt 3.4.1-r1"))) flag++;
if (qpkg_check(package:"app-text/xpdf", unaffected:make_list("ge 3.00-r10"), vulnerable:make_list("lt 3.00-r10"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());
  else security_note(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Xpdf / Kpdf / GPdf");
}
```

- NASL family: CentOS Local Security Checks
- NASL id: CENTOS_RHSA-2005-708.NASL
- description: An updated gpdf package that fixes a security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gpdf package is a GNOME-based viewer for Portable Document Format (PDF) files. Marcus Meissner reported a flaw in gpdf. An attacker could construct a carefully crafted PDF file that would cause gpdf to consume all available disk space in /tmp when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2097 to this issue. Note that this issue does not affect the version of gpdf in Red Hat Enterprise Linux 3 or 2.1. Users of gpdf should upgrade to this updated package, which contains a backported patch to resolve this issue.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 21957
- published: 2006-07-05
- reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/21957
- title: CentOS 4 : gpdf (CESA-2005:708)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2005:708 and
# CentOS Errata and Security Advisory 2005:708 respectively.
#

include("compat.inc");

if (description)
{
  script_id(21957);
  script_version("1.18");
  script_cvs_date("Date: 2019/10/25 13:36:02");

  script_cve_id("CVE-2005-2097");
  script_xref(name:"RHSA", value:"2005:708");

  script_name(english:"CentOS 4 : gpdf (CESA-2005:708)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An updated gpdf package that fixes a security issue is now available
for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

The gpdf package is an GNOME based viewer for Portable Document Format
(PDF) files.

Marcus Meissner reported a flaw in gpdf. An attacker could construct a
carefully crafted PDF file that would cause gpdf to consume all
available disk space in /tmp when opened. The Common Vulnerabilities
and Exposures project assigned the name CVE-2005-2097 to this issue.

Note that this issue does not affect the version of gpdf in Red Hat
Enterprise Linux 3 or 2.1.

Users of gpdf should upgrade to this updated package, which contains a
backported patch to resolve this issue."
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-August/012055.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?3d9badcd"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-August/012059.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7ef57573"
  );
  # https://lists.centos.org/pipermail/centos-announce/2005-August/012060.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4156148a"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected gpdf package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gpdf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/08/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/08/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/05");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);


flag = 0;
if (rpm_check(release:"CentOS-4", reference:"gpdf-2.8.2-4.4")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_NOTE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gpdf");
}
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2005-733.NASL
- description: These updated packages fix a problem handling PDF files that could have security implications (CVE-2005-2097). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 19468
- published: 2005-08-19
- reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/19468
- title: Fedora Core 3 : cups-1.1.22-0.rc1.8.6 (2005-733)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2005-733.
#

include("compat.inc");

if (description)
{
  script_id(19468);
  script_version ("1.14");
  script_cvs_date("Date: 2019/08/02 13:32:24");

  script_xref(name:"FEDORA", value:"2005-733");

  script_name(english:"Fedora Core 3 : cups-1.1.22-0.rc1.8.6 (2005-733)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora Core host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"These updated packages fix a problem handling PDF files that could
have security implications (CVE-2005-2097).

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/announce/2005-August/001261.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b368040a"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-libs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:3");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/08/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/08/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 3.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC3", reference:"cups-1.1.22-0.rc1.8.6")) flag++;
if (rpm_check(release:"FC3", reference:"cups-debuginfo-1.1.22-0.rc1.8.6")) flag++;
if (rpm_check(release:"FC3", reference:"cups-devel-1.1.22-0.rc1.8.6")) flag++;
if (rpm_check(release:"FC3", reference:"cups-libs-1.1.22-0.rc1.8.6")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-debuginfo / cups-devel / cups-libs");
}
```
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-706.NASL description Updated CUPS packages that fix a security issue are now available for Red Hat Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. When processing a PDF file, bounds checking was not correctly performed on some fields. This could cause the pdftops filter (running as user last seen 2020-06-01 modified 2020-06-02 plugin id 21851 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21851 title CentOS 3 / 4 : cups (CESA-2005:706) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-134.NASL description A vulnerability in the xpdf PDF viewer was discovered. An attacker could construct a malicious PDF file that would cause xpdf to consume all available disk space in /tmp when opened. The updated packages have been patched to correct this problem. last seen 2020-06-01 modified 2020-06-02 plugin id 19893 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19893 title Mandrake Linux Security Advisory : xpdf (MDKSA-2005:134) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-671.NASL description Updated kdegraphics packages that resolve a security issue in kpdf are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment including kpdf, a pdf file viewer. A flaw was discovered in kpdf. An attacker could construct a carefully crafted PDF file that would cause kpdf to consume all available disk space in /tmp when opened. 
The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2097 to this issue. Note this issue does not affect Red Hat Enterprise Linux 3 or 2.1. Users of kpdf should upgrade to these updated packages, which contains a backported patch to resolve this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 19411 published 2005-08-10 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19411 title RHEL 4 : kdegraphics (RHSA-2005:671) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-671.NASL description Updated kdegraphics packages that resolve a security issue in kpdf are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment including kpdf, a pdf file viewer. A flaw was discovered in kpdf. An attacker could construct a carefully crafted PDF file that would cause kpdf to consume all available disk space in /tmp when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2097 to this issue. Note this issue does not affect Red Hat Enterprise Linux 3 or 2.1. Users of kpdf should upgrade to these updated packages, which contains a backported patch to resolve this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 21956 published 2006-07-05 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21956 title CentOS 4 : kdegraphics (CESA-2005:671) NASL family Fedora Local Security Checks NASL id FEDORA_2005-732.NASL description These updated packages fix a problem handling PDF files that could have security implications (CVE-2005-2097). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 19467 published 2005-08-19 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19467 title Fedora Core 4 : cups-1.1.23-15.1 (2005-732) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-780.NASL description A bug has been discovered in the font handling code in xpdf, which is also present in kpdf, the PDF viewer for KDE. A specially crafted PDF file could cause infinite resource consumption, in terms of both CPU and disk space. The oldstable distribution (woody) is not affected by this problem. last seen 2020-06-01 modified 2020-06-02 plugin id 19477 published 2005-08-23 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19477 title Debian DSA-780-1 : kdegraphics - wrong input sanitising NASL family Fedora Local Security Checks NASL id FEDORA_2005-729.NASL description A flaw was discovered in Xpdf in that an attacker could construct a carefully crafted PDF file that would cause Xpdf to consume all available disk space in /tmp when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2097 to this issue. Users of xpdf should upgrade to this updated package, which contains a patch to resolve this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 19434 published 2005-08-18 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. 
source | https://www.tenable.com/plugins/nessus/19434
title | Fedora Core 4 : xpdf-3.00-20.FC4.2 (2005-729)

NASL family | FreeBSD Local Security Checks
NASL id | FREEBSD_PKG_24EEE28509C711DABC080001020EED82.NASL
description | xpdf is vulnerable to a denial of service vulnerability which can cause xpdf to create an infinitely large file, thereby filling up the /tmp partition, when opening a specially crafted PDF file. Note that several applications contain an embedded version of xpdf, therefore making them vulnerable to the same DoS. In CUPS this vulnerability would cause the pdftops filter to crash.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 21400
published | 2006-05-13
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/21400
title | FreeBSD : xpdf -- disk fill DoS vulnerability (24eee285-09c7-11da-bc08-0001020eed82)

NASL family | Ubuntu Local Security Checks
NASL id | UBUNTU_USN-163-1.NASL
description | xpdf and kpdf did not sufficiently verify the validity of the
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 20569
published | 2006-01-15
reporter | Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/20569
title | Ubuntu 4.10 / 5.04 : xpdf vulnerability (USN-163-1)

NASL family | Debian Local Security Checks
NASL id | DEBIAN_DSA-936.NASL
description | 'infamous41md
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 22802
published | 2006-10-14
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/22802
title | Debian DSA-936-1 : libextractor - buffer overflows

NASL family | Fedora Local Security Checks
NASL id | FEDORA_2005-730.NASL
description | A flaw was discovered in Xpdf in that an attacker could construct a carefully crafted PDF file that would cause Xpdf to consume all available disk space in /tmp when opened.
The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2097 to this issue. Users of xpdf should upgrade to this updated package, which contains a backported patch to resolve this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 19435
published | 2005-08-18
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/19435
title | Fedora Core 3 : xpdf-3.00-10.6.FC3 (2005-730)

NASL family | Red Hat Local Security Checks
NASL id | REDHAT-RHSA-2005-706.NASL
description | Updated CUPS packages that fix a security issue are now available for Red Hat Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. When processing a PDF file, bounds checking was not correctly performed on some fields. This could cause the pdftops filter (running as user
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 19412
published | 2005-08-10
reporter | This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/19412
title | RHEL 3 / 4 : cups (RHSA-2005:706)

NASL family | Mandriva Local Security Checks
NASL id | MANDRAKE_MDKSA-2005-135.NASL
description | A vulnerability in the kpdf KDE PDF viewer was discovered. An attacker could construct a malicious PDF file that would cause kpdf to consume all available disk space in /tmp when opened. The updated packages have been patched to correct this problem.
last seen | 2017-10-29
modified | 2012-09-07
plugin id | 20422
published | 2006-01-15
reporter | Tenable
source | https://www.tenable.com/plugins/index.php?view=single&id=20422
title | MDKSA-2005:135 : kdegraphics

NASL family | CentOS Local Security Checks
NASL id | CENTOS_RHSA-2005-670.NASL
description | An updated xpdf package that fixes a security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The xpdf package is an X Window System-based viewer for Portable Document Format (PDF) files. A flaw was discovered in Xpdf in that an attacker could construct a carefully crafted PDF file that would cause Xpdf to consume all available disk space in /tmp when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2097 to this issue. Note this issue does not affect the version of Xpdf in Red Hat Enterprise Linux 3 or 2.1. Users of xpdf should upgrade to this updated package, which contains a backported patch to resolve this issue.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 21955
published | 2006-07-05
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/21955
title | CentOS 4 : xpdf (CESA-2005:670)

NASL family | Red Hat Local Security Checks
NASL id | REDHAT-RHSA-2005-670.NASL
description | An updated xpdf package that fixes a security issue is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The xpdf package is an X Window System-based viewer for Portable Document Format (PDF) files. A flaw was discovered in Xpdf in that an attacker could construct a carefully crafted PDF file that would cause Xpdf to consume all available disk space in /tmp when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-2097 to this issue.
Note this issue does not affect the version of Xpdf in Red Hat Enterprise Linux 3 or 2.1. Users of xpdf should upgrade to this updated package, which contains a backported patch to resolve this issue.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 19410
published | 2005-08-10
reporter | This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/19410
title | RHEL 4 : xpdf (RHSA-2005:670)

NASL family | Debian Local Security Checks
NASL id | DEBIAN_DSA-1136.NASL
description | 'infamous41md
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 22678
published | 2006-10-14
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/22678
title | Debian DSA-1136-1 : gpdf - wrong input sanitising

NASL family | Mandriva Local Security Checks
NASL id | MANDRAKE_MDKSA-2005-136.NASL
description | A vulnerability in the gpdf PDF viewer was discovered. An attacker could construct a malicious PDF file that would cause gpdf to consume all available disk space in /tmp when opened. The updated packages have been patched to correct this problem.
last seen | 2017-10-29
modified | 2012-09-07
plugin id | 20423
published | 2006-01-15
reporter | Tenable
source | https://www.tenable.com/plugins/index.php?view=single&id=20423
title | MDKSA-2005:136 : gpdf

Oval
accepted | 2013-04-29T04:04:16.110-04:00
class | vulnerability
contributors |
definition_extensions |
description | xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.
family | unix
id | oval:org.mitre.oval:def:10280
status | accepted
submitted | 2010-07-09T03:56:16-04:00
title | xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.
version | 27
Redhat
advisories |
rpms |
References
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt
- http://secunia.com/advisories/17277
- http://secunia.com/advisories/18398
- http://secunia.com/advisories/18407
- http://secunia.com/advisories/21339
- http://secunia.com/advisories/25729
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1
- http://www.debian.org/security/2005/dsa-780
- http://www.debian.org/security/2006/dsa-1136
- http://www.debian.org/security/2006/dsa-936
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:138
- http://www.novell.com/linux/security/advisories/2005_19_sr.html
- http://www.redhat.com/support/errata/RHSA-2005-670.html
- http://www.redhat.com/support/errata/RHSA-2005-671.html
- http://www.redhat.com/support/errata/RHSA-2005-706.html
- http://www.redhat.com/support/errata/RHSA-2005-708.html
- http://www.securityfocus.com/archive/1/427053/100/0/threaded
- http://www.securityfocus.com/archive/1/427990/100/0/threaded
- http://www.securityfocus.com/bid/14529
- http://www.vupen.com/english/advisories/2007/2280
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10280
- https://usn.ubuntu.com/163-1/