[VIM] xpdf/etc. - clarity needed for CVEs (fwd)
Steven M. Christey
coley at linus.mitre.org
Fri Jan 6 12:48:46 EST 2006
FYI, I haven't updated the CVEs yet but this is important/timely enough I
figured I'd pass it on.
---------- Forwarded message ----------
Date: Fri, 06 Jan 2006 12:38:42 -0500
From: [Red Hat]
To: Chris Evans
Cc: Steven M. Christey <coley at mitre.org>, [RED HAT], [GENTOO]
Subject: Re: xpdf/etc. - clarity needed for CVEs
Here are the bits you should need to update the entries:
These numbers refer to Chris' advisory:
1) Out-of-bounds heap accesses with large or negative parameters to
* CVE-2005-3192 <- This overlaps with one of the iDEFENSE advisories
2) Out-of-bounds heap accesses with large or negative parameters to
3) Infinite CPU spins in various places when stream ends unexpectedly.
Probably repeated at various locations in the code.
4) NULL pointer crash in the "FlateDecode" stream. (This flaw happens to
be fixed by the patch for CVE-2005-3192)
5) Overflows of compInfo array in "DCTDecode" stream.
6) Possible to use index past end of array in "DCTDecode" stream.
7) More possible out-of-bounds indexing trouble in "DCTDecode" stream.
Additionally, CVE-2005-3628 also refers to a buffer overflow in
JBIG2Bitmap::JBIG2Bitmap() of JBIG2Stream.cc
This was discovered by Ludwig Nussel and was silently fixed in most *pdf