Package: kpdf
Version: 4:3.3.2-1
Severity: grave
Tags: security patch
Justification: user security hole
Dear KDE maintainers,
the security fix for CAN-2005-0064 was derived from xpdf 3.00-12, which
in fact turned out to be incomplete wrt to a missing range check in XRef.cc.
Attached you can find a patch that adds the missing range verification, as
it has been done for xpdf 3.00-13.
Cheers,
Moritz
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
diff -Naur kdegraphics-3.3.2.orig/kpdf/xpdf/XRef.cc
kdegraphics-3.3.2/kpdf/xpdf/XRef.cc
--- kdegraphics-3.3.2.orig/kpdf/xpdf/XRef.cc 2004-11-28 14:30:57.000000000
+0100
+++ kdegraphics-3.3.2/kpdf/xpdf/XRef.cc 2005-04-05 16:05:04.000000000 +0200
@@ -820,6 +820,9 @@
} else {
keyLength = 5;
}
+ if (keyLength > 16) {
+ keyLength = 16;
+ }
permFlags = permissions.getInt();
if (encVersion >= 1 && encVersion <= 2 &&
encRevision >= 2 && encRevision <= 3) {
