Bug 6588

Summary: CVE-2006-1244
Product: poppler Reporter: Ondrej Sury <ondrej>
Component: generalAssignee: Kristian Høgsberg <krh>
Status: RESOLVED FIXED QA Contact:
Severity: critical    
Priority: high CC: poppler-bugs
Version: unspecified   
Hardware: x86 (IA32)   
OS: Linux (All)   
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1244
Whiteboard:
i915 platform: i915 features:
Attachments: Patch to fix CVE-2006-1244 (as provided by Derek Noonburg)

Description Ondrej Sury 2006-04-13 18:26:53 UTC 
Unspecified vulnerability in certain versions of xpdf after 3.00, as used in
various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, has
unknown impact and user-complicit attack vectors, possibly involving errors in
(1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc,
and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA
979, which is based on changes that were made after other vulnerabilities such
as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of
these newer fixes appear to be security-relevant, although it is not clear if
they fix specific issues or are defensive in nature.
Comment 1 Ondrej Sury 2006-04-13 18:27:50 UTC 
Created attachment 5295 [details] [review]
Patch to fix CVE-2006-1244 (as provided by Derek Noonburg)
Comment 2 Ondrej Sury 2006-04-13 18:28:58 UTC 
xpdf/JBIG2Stream.cc, xpdf/Stream.h, splash/SplashXPathScanner.cc:
Fix various integer overflows.
Comment 3 ismail ( cartman ) donmez 2006-04-13 23:45:23 UTC 
Am I correct assuming this is already fixed in 0.5.1 ?
Comment 4 Ondrej Sury 2006-04-14 00:26:26 UTC 
I think so, it's also fixed in Debian version as part of xpdf 3.01 fixes, but
still it affects stable version and it's possible security issue.
Comment 5 ismail ( cartman ) donmez 2006-04-14 00:30:17 UTC 
(In reply to comment #4)
> I think so, it's also fixed in Debian version as part of xpdf 3.01 fixes, but
> still it affects stable version and it's possible security issue.

Thanks for information.
Comment 6 Albert Astals Cid 2006-04-14 01:06:13 UTC 
Reassinging bug to the release dude.
Comment 7 Albert Astals Cid 2007-11-04 04:37:05 UTC 
Fixed time ago

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.