Package: xpdf-reader
Version: 3.02-1.4
Severity: grave
Justification: security
$ wget http://www.adobe.com/products/postscript/pdfs/PLRM.pdf
...
$ sha256sum PLRM.pdf
6b29e79e4ab64aaa61a3fb27a0f36838c01f2530362873ac316bdb493a1bab6b  PLRM.pdf
$ xpdf PLRM.pdf
... (scroll down a few pages)
Segmentation fault (core dumped)
$ gdb /usr/bin/xpdf.bin core
...
Core was generated by `xpdf PLRM.pdf'.
Program terminated with signal 11, Segmentation fault.
[New process 3773]
#0  0x00002baa8263045a in XPutImage () from /usr/lib/libX11.so.6
(gdb) bt
#0  0x00002baa8263045a in XPutImage () from /usr/lib/libX11.so.6
#1  0x000000000049acaa in ?? ()
#2  0x0000000000465686 in ?? ()
#3  0x00000000004686a0 in ?? ()
#4  0x000000000049cbb8 in ?? ()
#5  0x000000000046451c in ?? ()
#6  0x00000000004a630d in ?? ()
#7  0x00000000004a68a2 in ?? ()
#8  0x000000000049b8a0 in ?? ()
#9  0x00002baa81958a1f in XtCallCallbackList () from /usr/lib/libXt.so.6
#10 0x00002baa81653bc5 in _XmDrawingAreaInput () from /usr/lib/libXm.so.2
#11 0x00002baa8198dabe in ?? () from /usr/lib/libXt.so.6
#12 0x00002baa8198ded9 in ?? () from /usr/lib/libXt.so.6
#13 0x00002baa8198e5df in _XtTranslateEvent () from /usr/lib/libXt.so.6
#14 0x00002baa8196632a in XtDispatchEventToWidget () from /usr/lib/libXt.so.6
#15 0x00002baa819669f6 in ?? () from /usr/lib/libXt.so.6
#16 0x00002baa81965b3b in XtDispatchEvent () from /usr/lib/libXt.so.6
#17 0x00002baa81965ca3 in XtAppMainLoop () from /usr/lib/libXt.so.6
#18 0x00000000004aa0e6 in ?? ()
#19 0x00002baa832c91a6 in __libc_start_main () from /lib/libc.so.6
#20 0x0000000000406329 in ?? ()
#21 0x00007fff29be5178 in ?? ()
#22 0x000000000000001c in ?? ()
#23 0x0000000000000002 in ?? ()
#24 0x00007fff29be5812 in ?? ()
#25 0x00007fff29be5817 in ?? ()
#26 0x0000000000000000 in ?? ()
(gdb) quit
$

I do not know whether this has a security impact[1], so I go the safe way and report this as a security issue. If it turns out to be harmless, please downgrade the severity.

Helmut

[1] xpdf is often automatically launched by web browsers or even mozplugger. So if this is exploitable it allows user-assisted code execution.

-- System Information:
Debian Release: 5.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.23.14 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash

Versions of packages xpdf depends on:
ii  xpdf-common                   3.02-1.4                   Portable Document Format (PDF) sui
ii  xpdf-reader                   3.02-1.4                   Portable Document Format (PDF) sui
ii  xpdf-utils                    3.02-1.4                   Portable Document Format (PDF) sui

xpdf recommends no packages.

xpdf suggests no packages.

Versions of packages xpdf-reader depends on:
ii  gsfonts                       1:8.11+urwcyr1.0.7~pre44-4 Fonts for the Ghostscript interpre
ii  lesstif2                      1:0.95.0-2.1               OSF/Motif 2.1 implementation relea
ii  libc6                         2.7-18                     GNU C Library: Shared libraries
ii  libfreetype6                  2.3.7-2                    FreeType 2 font engine, shared lib
ii  libgcc1                       1:4.3.2-3                  GCC support library
ii  libice6                       2:1.0.4-1                  X11 Inter-Client Exchange library
ii  libpaper1                     1.1.23+nmu1                library for handling paper charact
ii  libsm6                        2:1.0.3-2                  X11 Session Management library
ii  libstdc++6                    4.3.2-3                    The GNU Standard C++ Library v3
ii  libt1-5                       5.1.2-3                    Type 1 font rasterizer library - r
ii  libx11-6                      2:1.1.5-2                  X11 client-side library
ii  libxext6                      2:1.0.4-1                  X11 miscellaneous extension librar
ii  libxp6                        1:1.0.0.xsf1-2             X Printing Extension (Xprint) clie
ii  libxpm4                       1:3.5.7-1                  X11 pixmap library
ii  libxt6                        1:1.0.5-3                  X11 toolkit intrinsics library
ii  xpdf-common                   3.02-1.4                   Portable Document Format (PDF) sui

-- no debconf information