[gentoo-announce] [ GLSA 200710-20 ] PDFKit, ImageKits: Buffer overflow - gentoo-announce

From:	Raphael Marichez <falco@g.o>
To:	gentoo-announce@g.o
Cc:	bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200710-20 ] PDFKit, ImageKits: Buffer overflow
Date:	Thu, 18 Oct 2007 23:30:36
Message-Id:	`20071018224604.GA24627@falco.falcal.net`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 200710-20

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

  Severity: Normal

8

     Title: PDFKit, ImageKits: Buffer overflow

9

      Date: October 18, 2007

10

      Bugs: #188185

11

        ID: 200710-20

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

PDFKit and ImageKits are vulnerable to an integer overflow and a stack

19

overflow allowing for the user-assisted execution of arbitrary code.

20

21

Background

22

==========

23

24

PDFKit is a framework for rendering of PDF content in GNUstep

25

applications. ImageKits is a collection of frameworks to support

26

imaging in GNUstep applications.

27

28

Affected packages

29

=================

30

31

    -------------------------------------------------------------------

32

     Package                 /     Vulnerable     /         Unaffected

33

    -------------------------------------------------------------------

34

  1  gnustep-libs/pdfkit        <= 0.9_pre062906           Vulnerable!

35

  2  gnustep-libs/imagekits          <= 0.6                Vulnerable!

36

    -------------------------------------------------------------------

37

     NOTE: Certain packages are still vulnerable. Users should migrate

38

           to another package if one is available or wait for the

39

           existing packages to be marked stable by their

40

           architecture maintainers.

41

    -------------------------------------------------------------------

42

     2 affected packages on all of their supported architectures.

43

    -------------------------------------------------------------------

44

45

Description

46

===========

47

48

Maurycy Prodeus discovered an integer overflow vulnerability possibly

49

leading to a stack-based buffer overflow in the XPDF code which PDFKit

50

is based on. ImageKits also contains a copy of PDFKit.

51

52

Impact

53

======

54

55

By enticing a user to view a specially crafted PDF file with a viewer

56

based on ImageKits or PDFKit such as Gentoo's ViewPDF, a remote

57

attacker could cause an overflow, potentially resulting in the

58

execution of arbitrary code with the privileges of the user running the

59

application.

60

61

Workaround

62

==========

63

64

There is no known workaround at this time.

65

66

Resolution

67

==========

68

69

PDFKit and ImageKits are not maintained upstream, so the packages were

70

masked in Portage. We recommend that users unmerge PDFKit and

71

ImageKits:

72

73

    # emerge --unmerge gnustep-libs/pdfkit

74

    # emerge --unmerge gnustep-libs/imagekits

75

76

As an alternative, users should upgrade their systems to use PopplerKit

77

instead of PDFKit and Vindaloo instead of ViewPDF.

78

79

References

80

==========

81

82

  [ 1 ] CVE-2007-3387

83

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387

84

  [ 2 ] GLSA 200709-12

85

        http://www.gentoo.org/security/en/glsa/glsa-200709-12.xml

86

87

Availability

88

============

89

90

This GLSA and any updates to it are available for viewing at

91

the Gentoo Security Website:

92

93

  http://security.gentoo.org/glsa/glsa-200710-20.xml

94

95

Concerns?

96

=========

97

98

Security is a primary focus of Gentoo Linux and ensuring the

99

confidentiality and security of our users machines is of utmost

100

importance to us. Any security concerns should be addressed to

101

security@g.o or alternatively, you may file a bug at

102

http://bugs.gentoo.org.

103

104

License

105

=======

106

107

Copyright 2007 Gentoo Foundation, Inc; referenced text

108

belongs to its owner(s).

109

110

The contents of this document are licensed under the

111

Creative Commons - Attribution / Share Alike license.

112

113

http://creativecommons.org/licenses/by-sa/2.5

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 200710-20
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: PDFKit, ImageKits: Buffer overflow
9	Date: October 18, 2007
10	Bugs: #188185
11	ID: 200710-20
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	PDFKit and ImageKits are vulnerable to an integer overflow and a stack
19	overflow allowing for the user-assisted execution of arbitrary code.
20
21	Background
22	==========
23
24	PDFKit is a framework for rendering of PDF content in GNUstep
25	applications. ImageKits is a collection of frameworks to support
26	imaging in GNUstep applications.
27
28	Affected packages
29	=================
30
31	-------------------------------------------------------------------
32	Package / Vulnerable / Unaffected
33	-------------------------------------------------------------------
34	1 gnustep-libs/pdfkit <= 0.9_pre062906 Vulnerable!
35	2 gnustep-libs/imagekits <= 0.6 Vulnerable!
36	-------------------------------------------------------------------
37	NOTE: Certain packages are still vulnerable. Users should migrate
38	to another package if one is available or wait for the
39	existing packages to be marked stable by their
40	architecture maintainers.
41	-------------------------------------------------------------------
42	2 affected packages on all of their supported architectures.
43	-------------------------------------------------------------------
44
45	Description
46	===========
47
48	Maurycy Prodeus discovered an integer overflow vulnerability possibly
49	leading to a stack-based buffer overflow in the XPDF code which PDFKit
50	is based on. ImageKits also contains a copy of PDFKit.
51
52	Impact
53	======
54
55	By enticing a user to view a specially crafted PDF file with a viewer
56	based on ImageKits or PDFKit such as Gentoo's ViewPDF, a remote
57	attacker could cause an overflow, potentially resulting in the
58	execution of arbitrary code with the privileges of the user running the
59	application.
60
61	Workaround
62	==========
63
64	There is no known workaround at this time.
65
66	Resolution
67	==========
68
69	PDFKit and ImageKits are not maintained upstream, so the packages were
70	masked in Portage. We recommend that users unmerge PDFKit and
71	ImageKits:
72
73	# emerge --unmerge gnustep-libs/pdfkit
74	# emerge --unmerge gnustep-libs/imagekits
75
76	As an alternative, users should upgrade their systems to use PopplerKit
77	instead of PDFKit and Vindaloo instead of ViewPDF.
78
79	References
80	==========
81
82	[ 1 ] CVE-2007-3387
83	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
84	[ 2 ] GLSA 200709-12
85	http://www.gentoo.org/security/en/glsa/glsa-200709-12.xml
86
87	Availability
88	============
89
90	This GLSA and any updates to it are available for viewing at
91	the Gentoo Security Website:
92
93	http://security.gentoo.org/glsa/glsa-200710-20.xml
94
95	Concerns?
96	=========
97
98	Security is a primary focus of Gentoo Linux and ensuring the
99	confidentiality and security of our users machines is of utmost
100	importance to us. Any security concerns should be addressed to
101	security@g.o or alternatively, you may file a bug at
102	http://bugs.gentoo.org.
103
104	License
105	=======
106
107	Copyright 2007 Gentoo Foundation, Inc; referenced text
108	belongs to its owner(s).
109
110	The contents of this document are licensed under the
111	Creative Commons - Attribution / Share Alike license.
112
113	http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce