| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200501202305.46951.bastian@kde.org>
Date: Thu, 20 Jan 2005 23:05:43 +0100
From: Waldo Bastian <bastian@....org>
To: bugtraq@...urityfocus.com
Subject: KDE Security Advisory: KOffice PDF Import Filter Vulnerability
KDE Security Advisory: KOffice PDF Import Filter Vulnerability
Original Release Date: 2005-01-20
URL: http://www.kde.org/info/security/advisory-20050120-1.txt
0. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities
1. Systems affected:
KOffice 1.3 up to including KOffice 1.3.5
2. Overview:
The KOffice PDF Import Filter shares code with xpdf. xpdf contains
a buffer overflow that can be triggered by a specially crafted
PDF file.
3. Impact:
Remotely supplied pdf files can be used to execute arbitrary
code on the client machine when the user opens such file in
KOffice.
4. Solution:
Source code patches have been made available which fix these
vulnerabilities. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.
5. Patch:
Patch for KOffice 1.3.5 is available from
ftp://ftp.kde.org/pub/kde/security_patches :
0e6194cbfe3f6d3b3c848c2c76ef5bfb post-1.3.5-koffice.diff
6. Time line and credits:
19/01/2005 KDE Security Team alerted by Carsten Lohrke
19/01/2005 Patches from xpdf 3.00pl3 applied to KDE CVS and patches
prepared.
20/01/2005 Public disclosure.
--
bastian@....org | Free Novell Linux Desktop 9 Evaluation Download
bastian@...e.com | http://www.novell.com/products/desktop/eval.html
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists