J-Security Center

Title: Xpdf/CUPS pdftops Integer Overflow Vulnerability

Severity: MODERATE

Description:

The Xpdf pdftops filter is a utility for converting PDF files to PostScript. The pdftops filter also ships with CUPS.

The pdftops filter is prone to an integer overflow. As a result, it may be possible to corrupt memory (such as function pointers) with attacker-supplied data and cause arbitrary code to be executed. This condition may occur when the filter is supplied an oversized integer value as the number of elements for ColorSpace. It is also been reported that it is possible to trigger the integer overflow through other means.

The method of exploitation may vary. If an attacker can entice a user to print a malformed file from the command line using the vulnerable filter, it may be possible to execute code with the privileges of that user. Local exploitation may result in the attacker gaining the elevated privileges of the 'lp' user if the utility is installed setuid.

Affected Products:

  • Caldera OpenLinux Desktop 2.3.0
  • Caldera OpenLinux Server 3.1.0
  • Caldera OpenLinux Server 3.1.1
  • Caldera OpenLinux Workstation 3.1.0
  • Caldera OpenLinux Workstation 3.1.1
  • Caldera OpenLinux eBuilder 3.0.0
  • Conectiva Linux 4.0.0
  • Conectiva Linux 4.0.0 es
  • Conectiva Linux 4.1.0
  • Conectiva Linux 4.2.0
  • Conectiva Linux 5.0.0
  • Conectiva Linux 5.1.0
  • Conectiva Linux 6.0.0
  • Conectiva Linux 7.0.0
  • Conectiva Linux 8.0.0
  • Conectiva Linux 9.0.0
  • Debian Linux 2.2.0
  • Debian Linux 2.2.0 68k
  • Debian Linux 2.2.0 IA-32
  • Debian Linux 2.2.0 alpha
  • Debian Linux 2.2.0 arm
  • Debian Linux 2.2.0 powerpc
  • Debian Linux 2.2.0 sparc
  • Debian Linux 2.3.0
  • Debian Linux 3.0.0
  • Debian Linux 3.0.0 alpha
  • Debian Linux 3.0.0 arm
  • Debian Linux 3.0.0 hppa
  • Debian Linux 3.0.0 ia-32
  • Debian Linux 3.0.0 ia-64
  • Debian Linux 3.0.0 m68k
  • Debian Linux 3.0.0 mips
  • Debian Linux 3.0.0 mipsel
  • Debian Linux 3.0.0 ppc
  • Debian Linux 3.0.0 s/390
  • Debian Linux 3.0.0 sparc
  • Easy Software Products CUPS 1.0.4
  • Easy Software Products CUPS 1.0.4 -8
  • Easy Software Products CUPS 1.1.1
  • Easy Software Products CUPS 1.1.10
  • Easy Software Products CUPS 1.1.13
  • Easy Software Products CUPS 1.1.14
  • Easy Software Products CUPS 1.1.17
  • Easy Software Products CUPS 1.1.4
  • Easy Software Products CUPS 1.1.4 -2
  • Easy Software Products CUPS 1.1.4 -3
  • Easy Software Products CUPS 1.1.4 -5
  • Easy Software Products CUPS 1.1.6
  • Easy Software Products CUPS 1.1.7
  • Gentoo Linux 1.2.0
  • Gentoo Linux 1.4.0 _rc1
  • MandrakeSoft Corporate Server 2.1.0
  • MandrakeSoft Corporate Server 2.1.0 x86_64
  • MandrakeSoft Linux Mandrake 7.2.0
  • MandrakeSoft Linux Mandrake 8.0.0
  • MandrakeSoft Linux Mandrake 8.0.0 ppc
  • MandrakeSoft Linux Mandrake 8.1.0
  • MandrakeSoft Linux Mandrake 8.1.0 ia64
  • MandrakeSoft Linux Mandrake 8.2.0
  • MandrakeSoft Linux Mandrake 8.2.0 ppc
  • MandrakeSoft Linux Mandrake 9.0.0
  • MandrakeSoft Linux Mandrake 9.1.0
  • MandrakeSoft Linux Mandrake 9.1.0 ppc
  • RedHat Desktop 3.0.0
  • RedHat Enterprise Linux AS 3
  • RedHat Enterprise Linux ES 3
  • RedHat Enterprise Linux WS 3
  • RedHat PowerTools 7.0.0
  • S.u.S.E. Linux 7.1.0 alpha
  • S.u.S.E. Linux 7.1.0 ppc
  • S.u.S.E. Linux 7.1.0 sparc
  • S.u.S.E. Linux 7.1.0 x86
  • S.u.S.E. Linux 7.2.0 i386
  • S.u.S.E. Linux 7.3.0 i386
  • S.u.S.E. Linux 7.3.0 ppc
  • S.u.S.E. Linux 7.3.0 sparc
  • SCO eDesktop 2.4.0
  • SCO eServer 2.3.0
  • Sun Linux 5.0.0
  • Sun Linux 5.0.3
  • Sun Linux 5.0.5
  • Sun Linux 5.0.6
  • Terra Soft Solutions Yellow Dog Linux 3.0.0
  • Turbolinux Turbolinux 6.0.0
  • Turbolinux Turbolinux Server 7.0.0
  • Turbolinux Turbolinux Server 8.0.0
  • Turbolinux Turbolinux Workstation 7.0.0
  • Turbolinux Turbolinux Workstation 8.0.0
  • Xpdf Xpdf 0.90.0
  • Xpdf Xpdf 0.91.0
  • Xpdf Xpdf 0.92.0
  • Xpdf Xpdf 0.93.0
  • Xpdf Xpdf 1.0.0 0
  • Xpdf Xpdf 1.0.0 0a
  • Xpdf Xpdf 1.0.0 1
  • Xpdf Xpdf 2.0.0
  • Xpdf Xpdf 2.0.0 1

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.