Stream.cxx vulnerabilities (cups, poppler, xpdf)
|Reported by:||Owned by:|
Description (last modified by )
CVE-2008-0047 (heap overflow, cups versions up to 1.3.5).
I've been using 1.2.12 for a long while, and just started using 1.3.6 on newer systems. I've got the patches OpenSuse use on 1.2.12 (also CVE-2007-4352 and CVE-2007-5392), I can take a look at putting those in for 6.3.
Investigation also showed Suse patch for CVE-2007-3387 - all of these are in Stream.cxx, from xpdf, so I've renamed the ticket.
They variously affect xpdf-3.02 < pl2 (no comments on foolabs about what pl2 fixes, but some of these are against pl1), poppler < 0.5.91, also old gpdf which is not in the book, and kpdf, kgraphics - kde should be fixed by 3.5.9 or earlier, but I can see kdegraphics appeared to use poppler on one of my systems.
Change History (5)
comment:2 by , 14 years ago
|Summary:||cups latest vulnerability → Stream.cxx vulnerabilities (cups, poppler, xpdf)|