[prev in list] [next in list] [prev in thread] [next in thread]
List: koffice
Subject: [SECURITY] Newest KOffice PDF Import Filter Vulnerability
From: Nicolas Goutte <nicolasg () snafu ! de>
Date: 2005-01-20 14:57:20
Message-ID: 200501201556.24862.nicolasg () snafu ! de
[Download RAW message or body]
Unfortunately there is now again a new vulnerability known for the PDF import
filter of KWord. (It affects all KOffice 1.3.x.)
Please see the forwarded message from Waldo Bastian; the patch is attached
(and not on any server yet.)
Announcements on koffice.org will follow as soon as I (or somebody else) will
take time for it.
I am sorry for the inconveniences.
Have a nice day!
---------- Forwarded Message ----------
Subject: DRAFT: KDE Security Advisory: KOffice PDF Import Filter Vulnerability
Date: Thursday 20 January 2005 12:15
From: Waldo Bastian <bastian@kde.org>
To: security@kde.org, Nicolas Goutte <nicolasg@snafu.de>
Cc: koffice-devel@kde.org
Please review.
Cheers,
Waldo
KDE Security Advisory: KOffice PDF Import Filter Vulnerability
Original Release Date: 2005-01-20
URL: http://www.kde.org/info/security/advisory-20050120-1.txt
0. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-XXXX
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities
1. Systems affected:
KOffice 1.3 up to including KOffice 1.3.5
2. Overview:
The KOffice PDF Import Filter shares code with xpdf. xpdf contains
a buffer overflow that can be triggered by a specially crafted
PDF file.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-XXXX to this issue.
3. Impact:
Remotely supplied pdf files can be used to execute arbitrary
code on the client machine when the user opens such file in
KOffice.
4. Solution:
Source code patches have been made available which fix these
vulnerabilities. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.
5. Patch:
Patch for KOffice 1.3.5 is available from
ftp://ftp.kde.org/pub/kde/security_patches :
5fa219238965d4d8f2f2bc9e53890b98 post-1.3.5-koffice.diff
6. Time line and credits:
19/01/2005 KDE Security Team alerted by Carsten Lohrke
19/01/2005 Patches from xpdf 3.00pl3 applied to KDE CVS and patches
prepared.
20/01/2005 Public disclosure.
--
bastian@kde.org | Free Novell Linux Desktop 9 Evaluation Download
bastian@suse.com | http://www.novell.com/products/desktop/eval.html
-------------------------------------------------------
["post-1.3.5-koffice.diff" (text/x-diff)]
Index: filters/kword/pdf/xpdf/xpdf/XRef.cc
===================================================================
RCS file: /home/kde/koffice/filters/kword/pdf/xpdf/xpdf/XRef.cc,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -p -r1.6 -r1.7
--- filters/kword/pdf/xpdf/xpdf/XRef.cc 30 Oct 2004 16:35:33 -0000 1.6
+++ filters/kword/pdf/xpdf/xpdf/XRef.cc 19 Jan 2005 15:43:46 -0000 1.7
@@ -501,6 +501,9 @@ GBool XRef::checkEncrypted(GString *owne
} else {
keyLength = 5;
}
+ if (keyLength > 16) {
+ keyLength = 16;
+ }
permFlags = permissions.getInt();
if (encVersion >= 1 && encVersion <= 2 &&
encRevision >= 2 && encRevision <= 3) {
____________________________________
koffice mailing list
koffice@mail.kde.org
To unsubscribe please visit:
https://mail.kde.org/mailman/listinfo/koffice
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic