Xpdf Input Validation Error Vulnerability

admin 2022-07-22 13:06:40 CNNVD Vulnerabilities Source: ZONE.CI

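Vulnerability Details

Xpdf Input Validation Error Vulnerability

  • CNNVD ID: CNNVD-200804-056
  • Severity: Medium
  • CVE ID: CVE-2008-1374
  • Vulnerability type: Input validation error
  • Published: 2004-10-21
  • Threat type:
  • Updated: 2021-07-14
  • Vendor: red_hat
  • Reported by: Chris Evans chris@...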

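Vulnerability Summary

Xpdf is an open-source PDF viewer from Foo Labs. It supports decoding LZW-compressed files and reading encrypted PDF files.

pdftops/XRef.cc, as included in Xpdf, contains an input validation error in its handling of the pageSize value. An attacker who crafts a malicious PDF file and entices a user to open it can trigger an integer overflow leading to a buffer overflow.

CUPS includes and calls Xpdf, so it is also affected by this vulnerability. No detailed information about the vulnerability is currently available.

Vulnerability Advisory

The vendor has released updates that fix this security issue. Patch download links: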

RedHat Fedora Core2

RedHat cups-1.1.20-11.11.i386.rpm

Fedora Core 2

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

RedHat cups-1.1.20-11.11.x86_64.rpm

Fedora Core 2

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

RedHat cups-debuginfo-1.1.20-11.11.i386.rpm

Fedora Core 2

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

RedHat cups-debuginfo-1.1.20-11.11.x86_64.rpm

Fedora Core 2

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

RedHat cups-devel-1.1.20-11.11.i386.rpm

Fedora Core 2

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

RedHat cups-devel-1.1.20-11.11.x86_64.rpm

Fedora Core 2

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

RedHat cups-libs-1.1.20-11.11.i386.rpm

Fedora Core 2

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

RedHat cups-libs-1.1.20-11.11.x86_64.rpm

Fedora Core 2

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

GNOME GPdf 0.110

RedHat gpdf-0.110-1.4.legacy.i386.rpm

http://download.fedoralegacy.org/fedora/1/updates/i386/gpdf-0.110-1.4.legacy.i386.rpm

GNOME GPdf 0.131

Conectiva gpdf-0.131-56565U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-0.131-56565U10_1cl.i386.rpm

Conectiva gpdf-i18n-am-0.131-56565U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-am-0.131-56565U10_1cl.i386.rpm

Conectiva gpdf-i18n-ar-0.131-56565U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-ar-0.131-56565U10_1cl.i386.rpm

Conectiva gpdf-i18n-az-0.131-56565U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-az-0.131-56565U10_1cl.i386.rpm

Conectiva gpdf-i18n-be-0.131-56565U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-be-0.131-56565U10_1cl.i386.rpm

Conectiva gpdf-i18n-bn-0.131-56565U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-bn-0.131-56565U10_1cl.i386.rpm

Conectiva gpdf-i18n-ca-0.131-56565U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-ca-0.131-56565U10_1cl.i386.rpm

Conectiva gpdf-i18n-cs-0.131-56565U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-cs-0.131-56565U10_1cl.i386.rpm

Conectiva gpdf-i18n-cy-0.131-56565U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-cy-0.131-56565U10_1cl.i386.rpm

Conectiva gpdf-i18n-da-0.131-56565U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-da-0.131-56565U10_1cl.i386.rpm

Conectiva gpdf-i18n-de-0.131-56565U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-de-0.131-56565U10_1cl.i386.rpm

Conectiva gpdf-i18n-el-0.131-56565U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-el-0.131-56565U10_1cl.i386.rpm

Conectiva gpdf-i18n-en_CA-0.131-56565U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-en_CA-0.131-56565U10_1cl.i386.rpm

Conectiva gpdf-i18n-en_GB-0.131-56565U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-en_GB-0.131-56565U10_1cl.i386.rpm

Conectiva gpdf-i18n-eo-0.131-56565U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-eo-0.131-56565U10_1cl.i386.rpm

Conectiva gpdf-i18n-es-0.131-56565U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-es-0.131-56565U10_1cl.i386.rpm

Conectiva gpdf-i18n-eu-0.131-56565U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-eu-0.131-56565U10_1cl.i386.rpm

Conectiva gpdf-i18n-fa-0.131-56565U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-fa-0.131-56565U10_1cl.i386.rpm

Conectiva gpdf-i18n-fi-0.131-56565U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-fi-0.131-56565U10_1cl.i386.rpm

Conectiva gpdf-i18n-fr-0.131-56565U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-fr-0.131-56565U10_1cl.i386.rpm

Conectiva gpdf-i18n-ga-0.131-56565U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18

References

Source: BUGTRAQ

Link: http://www.securityfocus.com/archive/1/495164/100/0/threaded

Source: CONFIRM

Link: https://issues.rpath.com/browse/RPL-2390

Source: OVAL

Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9636

Source: SECUNIA

Link: http://secunia.com/advisories/31388

Source: SECUNIA

Link: http://secunia.com/advisories/29630

Source: REDHAT

Link: http://www.redhat.com/support/errata/RHSA-2008-0206.HTML

Source: XF

Link: https://exchange.xforce.ibmcloud.com/vulnerabilities/41758

Source: CONFIRM

Link: http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0245

Affected Entities

  • Red_hat Enterprise_linux:4:Ws  
  • Red_hat Enterprise_linux:4:Es  
  • Red_hat Enterprise_linux:4:Desktop  
  • Red_hat Enterprise_linux:4:As  
  • Red_hat Enterprise_linux:3:Ws  

Patches

    None available
