Multiple-vendor xpdf DCTStream Progressive heap overflow vulnerability

admin 2023-12-15 10:58:10 Ali_nvd Source: ZONE.CI 全球网
Severity: Low

CVE ID

CVE-2005-3191

Exploitation status

None at present

Patch status

Official patch

Disclosure date

2005-12-07
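Vulnerability description
Xpdf is an open-source viewer for Portable Document Format (PDF) files. The xpdf code bundled with software from multiple vendors contains a heap overflow vulnerability. The DCT stream parsing code does not sufficiently validate user input. The DCTStream::readProgressiveSOF function in xpdf/Stream.cc reads the value of numComps from user-controllable data in the PDF file, then uses that value in a loop to copy data into a pre-allocated heap buffer, as shown below:

    GBool DCTStream::readProgressiveSOF() {
      ...
      numComps = str->getChar();
      ...
      for (i = 0; i < numComps; ++i) {
        compInfo[i].id = str->getChar();
        c = str->getChar();
        compInfo[i].hSample = (c >> 4) & 0x0f;
        compInfo[i].vSample = c & 0x0f;
        compInfo[i].quantTable = str->getChar();
      }
      ...

Supplying an overly large value for numComps can corrupt heap memory. An attacker who successfully exploits this vulnerability can cause a denial of service or execute arbitrary code.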
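The missing check in the loop above, shown as an added example that is not xpdf's own code or its official patch. The names ByteSource, readComponents and acceptedComps are hypothetical, the capacity of 4 for compInfo[] is an assumption, and the input bytes are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <utility>
#include <vector>

constexpr int kMaxComps = 4;  // assumed capacity of compInfo[]
struct CompInfo { int id, hSample, vSample, quantTable; };

// Constructed stand-in for the stream: getChar() returns -1 at end of data.
struct ByteSource {
    explicit ByteSource(std::vector<uint8_t> d) : data_(std::move(d)) {}
    int getChar() { return pos_ < data_.size() ? data_[pos_++] : -1; }
private:
    std::vector<uint8_t> data_;
    std::size_t pos_ = 0;
};

// Same loop as the excerpt, but the count is validated before any write.
bool readComponents(ByteSource &str, CompInfo (&compInfo)[kMaxComps], int &numComps) {
    numComps = str.getChar();
    if (numComps <= 0 || numComps > kMaxComps) {  // also catches EOF (-1)
        numComps = 0;  // leave no file-supplied count behind for later code
        return false;
    }
    for (int i = 0; i < numComps; ++i) {
        int id = str.getChar();
        int c = str.getChar();
        int q = str.getChar();
        if (id < 0 || c < 0 || q < 0) {  // segment ends before all fields are read
            numComps = 0;
            return false;
        }
        compInfo[i] = {id, (c >> 4) & 0x0f, c & 0x0f, q};
    }
    return true;
}

// Helper for checks: returns the accepted component count, or -1 if rejected.
int acceptedComps(std::vector<uint8_t> bytes) {
    ByteSource src(std::move(bytes));
    CompInfo info[kMaxComps] = {};
    int n = 0;
    return readComponents(src, info, n) ? n : -1;
}

int main() {  // constructed inputs: a valid 3-component header, then a count of 200
    std::printf("%d %d\n", acceptedComps({3, 1, 0x22, 0, 2, 0x11, 1, 3, 0x11, 1}), acceptedComps({200, 1, 0x22, 0}));
}
```

Resetting numComps to 0 on rejection matters because later decoding code may iterate over the same field even after the header parse has failed.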
Remediation
Update the affected system or software to the latest version to fix the vulnerability.
Affected software
Type         Vendor      Product      Version   Affected range
Application  xpdf        xpdf         0.90      -
Application  xpdf        xpdf         0.91      -
Application  xpdf        xpdf         0.92      -
Application  xpdf        xpdf         0.93      -
Application  xpdf        xpdf         1.0       -
Application  xpdf        xpdf         1.0a      -
Application  xpdf        xpdf         1.1       -
Application  xpdf        xpdf         2.0       -
Application  xpdf        xpdf         2.1       -
Application  xpdf        xpdf         2.2       -
Application  xpdf        xpdf         2.3       -
Application  xpdf        xpdf         3.0       -
Application  xpdf        xpdf         3.0.1     -
Application  xpdf        xpdf         3.0_pl2   -
Application  xpdf        xpdf         3.0_pl3   -
System       debian_10   cups         *         Up to (excluding) 1.1.23-13
System       debian_11   cups         *         Up to (excluding) 1.1.23-13
System       debian_12   cups         *         Up to (excluding) 1.1.23-13
System       debian_3.0  xpdf         *         Up to (excluding) 1.00-3.8
System       debian_3.1  kdegraphics  *         Up to (excluding) 0.4.2-2sarge2
System       debian_sid  cups         *         Up to (excluding) 1.1.23-13
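Alibaba Cloud score 2.9
  • Attack vector: Remote
  • Attack complexity: Difficult
  • Privileges required: None
  • Scope of impact: Limited
  • Exploit maturity: Unverified
  • Patch status: Official patch
  • Data confidentiality: No impact
  • Data integrity: Transmission corrupted
  • Server impact: No impact
  • Count across the network: N/A
CWE-ID Vulnerability type
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer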
- avd.aliyun.com