Bugzilla – Bug 62538
VUL-0: CVE-2004-0888: tetex: in xpdf-based code CAN-2004-0888, CAN-2004-0889
Last modified: 2021-10-04 10:16:56 UTC
You probably know this, but here it is nonetheless. I'd like to add another program to the list of those which use xpdf: pdfTeX (which can be used as a "pdfnup" [cf. psnup for ps] program).

http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:113

Chris Evans discovered numerous vulnerabilities in the xpdf package:

Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like cups which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution. (CAN-2004-0888)

Multiple integer overflow issues affecting xpdf-3.0 only. These can result in DoS or possibly arbitrary code execution. (CAN-2004-0889)

Chris also discovered issues with infinite loop logic error affecting xpdf-3.0 only.
We know and released fixed packages already for most xpdf packages. Thanks!
Reopened by thomas@suse.de at Tue Oct 26 13:43:48 2004, took initial reporter burnus@gmx.de to cc
But we also need an update for tetex. ./tetex-src-2.0.2/libs/xpdf/xpdf/
*** This bug has been marked as a duplicate of 62624 ***