[Bug 160948] [kpdf] multiple xpdf based vulnerabilities

hk47 bugtracker at slideomania.com
Thu Nov 8 13:17:49 UTC 2007


Public bug reported:

Binary package hint: kpdf

References:
http://www.kde.org/info/security/advisory-20071107-1.txt

"Systems affected:
KDE 3.2.0 up to including KDE 3.5.8.
All KOffice 1.x releases.

Overview:
kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
multiple vulnerabilities that can crash kpdf or possibly
execute arbitrary code. The issues were reported by Secunia
Research. Similiar xpdf based code also exists in kword
pdf import filters of KOffice 1.x."

See also Bug #160944.

>From Bug #129940 I remember that Ubuntu's kpdf/kdegraphics/koffice
relies on poppler, but since I'm not sure if the reported issues don't
affect (K)Ubuntu's packages, I'm submitting this bug report.

** Affects: kdegraphics (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: koffice (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-4352

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-5392

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-5493

** Also affects: koffice (Ubuntu)
   Importance: Undecided
       Status: New

-- 
[kpdf] multiple xpdf based vulnerabilities
https://bugs.launchpad.net/bugs/160948
You received this bug notification because you are a member of Kubuntu
Team, which is a bug contact for kdegraphics in ubuntu.




More information about the kubuntu-bugs mailing list