Hi Hamish I attached a patch to fix this problem. In case you are busy, can I upload the NMU patch?
Cheers Steffen
diff -u xpdf-3.02/debian/changelog xpdf-3.02/debian/changelog
--- xpdf-3.02/debian/changelog
+++ xpdf-3.02/debian/changelog
@@ -1,3 +1,12 @@
+xpdf (3.02-1.1) unstable; urgency=high
+
+ * Non-maintainer upload
+ * Fix integer overflow in the StreamPredictor::StreamPredictor
+ function by adding post-3.5.7-kdegraphics-CVE-2007-3387.diff.dpatch
+ (Closes: #435462) Fixes: CVE-2007-3387
+
+ -- Steffen Joeris <[EMAIL PROTECTED]> Sun, 05 Aug 2007 10:03:53 +0000
+
xpdf (3.02-1) unstable; urgency=low
* New upstream release (closes: #413611)
diff -u xpdf-3.02/debian/patches/00list xpdf-3.02/debian/patches/00list
--- xpdf-3.02/debian/patches/00list
+++ xpdf-3.02/debian/patches/00list
@@ -18,0 +19,3 @@
+
+# Fix CVE-2007-3387
+post-3.5.7-kdegraphics-CVE-2007-3387.diff.dpatch
only in patch2:
unchanged:
--- xpdf-3.02.orig/debian/patches/post-3.5.7-kdegraphics-CVE-2007-3387.diff.dpatch
+++ xpdf-3.02/debian/patches/post-3.5.7-kdegraphics-CVE-2007-3387.diff.dpatch
@@ -0,0 +1,25 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## post-3.5.7-kdegraphics-CVE-2007-3387.diff.dpatch
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix integer overflow in the StreamPredictor::StreamPredictor
+## function
+
[EMAIL PROTECTED]@
+Index: kpdf/xpdf/xpdf/Stream.cc
+===================================================================
+--- kpdf/xpdf/xpdf/Stream.cc (revision 689574)
++++ xpdf-3.02/xpdf/Stream.cc (working copy)
+@@ -411,9 +411,9 @@ StreamPredictor::StreamPredictor(Stream
+
+ nVals = width * nComps;
+ if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+- nComps >= INT_MAX / nBits ||
+- width >= INT_MAX / nComps / nBits ||
+- nVals * nBits + 7 < 0) {
++ nComps > gfxColorMaxComps || nBits > 16 ||
++ width >= INT_MAX / nComps ||
++ nVals >= (INT_MAX - 7) / nBits) {
+ return;
+ }
+ pixBytes = (nComps * nBits + 7) >> 3;
signature.asc
Description: This is a digitally signed message part.
