Bug 62538

Summary: VUL-0: CVE-2004-0888: tetex: in xpdf-based code CAN-2004-0888, CAN-2004-0889
Product: [Novell Products] SUSE Security Incidents Reporter: Thomas Biege <thomas>
Component: IncidentsAssignee: Dr. Werner Fink <werner>
Status: RESOLVED DUPLICATE QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: burnus, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: CVSSv2:NVD:CVE-2004-0888:10.0:(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVSSv2:RedHat:CVE-2004-0888:5.8:(AV:A/AC:L/Au:N/C:P/I:P/A:P)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Tobias Burnus 2004-10-22 17:27:43 UTC 
You probably know this, but here is is none the less.
I'd like to add another program to the list of those which use xpdf: pdfTeX,
(which can be used as "pdfnup" [cf. psnup for ps] program).

http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:113

Chris Evans discovered numerous vulnerabilities in the xpdf package:

Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs
like cups which have embedded versions of xpdf. These can result in writing an
arbitrary byte to an attacker controlled location which probably could lead to
arbitrary code execution. (CAN-2004-0888)

Multiple integer overflow issues affecting xpdf-3.0 only. These can result in
DoS or possibly arbitrary code execution. (CAN-2004-0889)

Chris also discovered issues with infinite loop logic error affecting xpdf-3.0 only.
Comment 1 Tobias Burnus 2004-10-22 17:28:30 UTC 
.
Comment 2 Marcus Meissner 2004-10-25 17:10:24 UTC 
we know and released fixed packages already for most xpdf packages. 
 
thanks!
Comment 3 Thomas Biege 2004-10-26 19:43:48 UTC 
<!-- SBZ_reopen -->Reopened by thomas@suse.de at Tue Oct 26 13:43:48 2004, took initial reporter burnus@gmx.de to cc
Comment 4 Thomas Biege 2004-10-26 19:43:48 UTC 
But we also need update for tetex. 
 
./tetex-src-2.0.2/libs/xpdf/xpdf/
Comment 5 Dr. Werner Fink 2004-10-26 22:12:54 UTC 

*** This bug has been marked as a duplicate of 62624 ***