|
|
>> Xpdf "Stream.cc" and "JPXStream.cc" Buffer Overflow Vulnerabilities
|
|
Multiple vulnerabilities were identified in Xpdf, which could be exploited by remote attackers to execute arbitrary commands and take complete control of an affected system.
The first issue is due to a heap overflow error in the "DCTStream::readBaselineSOF()" [xpdf/Stream.cc] function that does not properly handle an overly large "numComps" value, which could be exploited by remote attackers to compromise a vulnerable system by convincing a user to open a specially crafted PDF file.
The second flaw is due to a heap overflow error in the "DCTStream::readProgressiveSOF()" [xpdf/Stream.cc] function that does not properly handle an overly large "numComps" value, which could be exploited by remote attackers to execute arbitrary commands by convincing a user to open a specially crafted PDF file.
The third vulnerability is due to a heap overflow error in the "StreamPredictor::StreamPredictor()" [xpdf/Stream.cc] function, which could be exploited by remote attackers to compromise a vulnerable system by convincing a user to open a specially crafted PDF file.
The fourth issue is due to a heap overflow error in the "JPXStream::readCodestream()" [xpdf/JPXStream.cc] function that does not properly handle large "nXTiles" and "nYTiles" values, which could be exploited by remote attackers to compromise a vulnerable system by convincing a user to open a specially crafted PDF file.
Credits
Vulnerabilities reported by infamous41md
ChangeLog
2005-12-06 : Initial release
Vulnerability Management
Subscribe to VUPEN Security VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@vupen.com. | |
|
