USN-64-1: xpdf, CUPS vulnerabilities

19 January 2005

xpdf, cupsys vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 4.10

Software Description

Details

A buffer overflow has been found in the xpdf viewer. Insufficient validation of the encryption key length could be exploited by an attacker who supplies a specially crafted PDF file. When xpdf processes such a file, the result could be abnormal program termination or the execution of attacker-supplied program code with the user’s privileges.

The Common UNIX Printing System (CUPS) uses the same code to print PDF files. In this case, this bug could be exploited to gain the privileges of the CUPS print server (by default, user cupsys).
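
The class of check whose absence is described above, shown as an added example (this is not xpdf or CUPS code, and the function names are hypothetical). It assumes the key length is declared in bits by the /Length entry of a PDF encryption dictionary, which the PDF specification restricts to multiples of 8 between 40 and 128 with a default of 40; the declared value is validated before anything is copied into the fixed-size key buffer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_KEY_BYTES 16 /* 128-bit key, the PDF spec's upper bound */

/* Hypothetical helper: read the integer after "/Length" in an encryption
 * dictionary string. Returns 40 (the spec default) if the entry is absent,
 * -1 if no number follows it. */
static long parse_key_bits(const char *dict)
{
    const char *p = strstr(dict, "/Length");
    char *end;
    long bits;

    if (p == NULL)
        return 40;
    p += strlen("/Length");
    bits = strtol(p, &end, 10);
    return (end == p) ? -1 : bits;
}

/* Copy the key into a fixed-size buffer only after the declared length
 * has been validated. Returns the key length in bytes, or -1 if rejected. */
int load_file_key(const char *dict, const unsigned char *material,
                  size_t material_len, unsigned char out[MAX_KEY_BYTES])
{
    long bits = parse_key_bits(dict);
    size_t n;

    if (bits < 40 || bits > 128 || bits % 8 != 0)
        return -1;              /* out of range: never reaches memcpy */
    n = (size_t)bits / 8;
    if (n > material_len)
        return -1;              /* declared length exceeds available data */
    memcpy(out, material, n);
    return (int)n;
}

int main(void)
{
    /* Constructed sample dictionaries, not taken from any real file. */
    const char *samples[] = { "<< /Filter /Standard /Length 128 >>",
                              "<< /Filter /Standard /Length 1024 >>" };
    unsigned char material[32] = {0}, key[MAX_KEY_BYTES];

    for (size_t i = 0; i < 2; i++)
        printf("%s -> %d\n", samples[i],
               load_file_key(samples[i], material, sizeof material, key));
    return 0;
}
```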

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10
cupsys
libcupsimage2
libcupsys2-gnutls10
xpdf-reader
xpdf-utils

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
