Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cups | Easy_software_products | 1.0.4 (including) | 1.0.4 (including) |
| Cups | Easy_software_products | 1.0.4_8 (including) | 1.0.4_8 (including) |
| Cups | Easy_software_products | 1.1.1 (including) | 1.1.1 (including) |
| Cups | Easy_software_products | 1.1.4 (including) | 1.1.4 (including) |
| Cups | Easy_software_products | 1.1.4_2 (including) | 1.1.4_2 (including) |
| Cups | Easy_software_products | 1.1.4_3 (including) | 1.1.4_3 (including) |
| Cups | Easy_software_products | 1.1.4_5 (including) | 1.1.4_5 (including) |
| Cups | Easy_software_products | 1.1.6 (including) | 1.1.6 (including) |
| Cups | Easy_software_products | 1.1.7 (including) | 1.1.7 (including) |
| Cups | Easy_software_products | 1.1.10 (including) | 1.1.10 (including) |
| Cups | Easy_software_products | 1.1.13 (including) | 1.1.13 (including) |
| Cups | Easy_software_products | 1.1.14 (including) | 1.1.14 (including) |
| Cups | Easy_software_products | 1.1.17 (including) | 1.1.17 (including) |
| Xpdf | Xpdf | 0.90 (including) | 0.90 (including) |
| Xpdf | Xpdf | 0.91 (including) | 0.91 (including) |
| Xpdf | Xpdf | 1.0 (including) | 1.0 (including) |
| Xpdf | Xpdf | 1.0a (including) | 1.0a (including) |
| Xpdf | Xpdf | 1.1 (including) | 1.1 (including) |
| Xpdf | Xpdf | 2.0 (including) | 2.0 (including) |
| Xpdf | Xpdf | 2.1 (including) | 2.1 (including) |
| Red Hat Enterprise Linux AS (Advanced Server) version 2.1 | RedHat | * | |
| Red Hat Linux 6.2 | RedHat | * | |
| Red Hat Linux 7.0 | RedHat | * | |
| Red Hat Linux 7.1 | RedHat | * | |
| Red Hat Linux 7.1 | RedHat | * | |
| Red Hat Linux 7.2 | RedHat | * | |
| Red Hat Linux 7.3 | RedHat | * | |
| Red Hat Linux 7.3 | RedHat | * | |
| Red Hat Linux 8.0 | RedHat | * | |
| Red Hat Linux 8.0 | RedHat | * | |
| Red Hat Linux Advanced Workstation 2.1 | RedHat | * |
References
- http://marc.info/?l=bugtraq\u0026m=104152282309980\u0026w=2
- http://www.debian.org/security/2003/dsa-222
- http://www.debian.org/security/2003/dsa-226
- http://www.debian.org/security/2003/dsa-232
- http://www.idefense.com/advisory/12.23.02.txt
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:002
- http://www.novell.com/linux/security/advisories/2003_002_cups.html
- http://www.redhat.com/support/errata/RHSA-2002-295.html
- http://www.redhat.com/support/errata/RHSA-2002-307.html
- http://www.redhat.com/support/errata/RHSA-2003-037.html
- http://www.redhat.com/support/errata/RHSA-2003-216.html
- http://www.securityfocus.com/bid/6475
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10937
- http://marc.info/?l=bugtraq\u0026m=104152282309980\u0026w=2
- http://www.debian.org/security/2003/dsa-222
- http://www.debian.org/security/2003/dsa-226
- http://www.debian.org/security/2003/dsa-232
- http://www.idefense.com/advisory/12.23.02.txt
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:002
- http://www.novell.com/linux/security/advisories/2003_002_cups.html
- http://www.redhat.com/support/errata/RHSA-2002-295.html
- http://www.redhat.com/support/errata/RHSA-2002-307.html
- http://www.redhat.com/support/errata/RHSA-2003-037.html
- http://www.redhat.com/support/errata/RHSA-2003-216.html
- http://www.securityfocus.com/bid/6475
- https://exchange.xforce.ibmcloud.com/vulnerabilities/10937