white at alioth.debian.org
2007-Sep-03 12:19 UTC
[Secure-testing-commits] r6477 - data/DTSA/advs
Author: white Date: 2007-09-03 12:19:55 +0000 (Mon, 03 Sep 2007) New Revision: 6477 Added: data/DTSA/advs/54-poppler.adv data/DTSA/advs/55-centerim.adv Log: Add missing .adv files for DTSA 54 and 55 Added: data/DTSA/advs/54-poppler.adv ==================================================================--- data/DTSA/advs/54-poppler.adv (rev 0) +++ data/DTSA/advs/54-poppler.adv 2007-09-03 12:19:55 UTC (rev 6477) @@ -0,0 +1,21 @@ +source: poppler +date: August 22nd , 2007 +author: Steffen Joeris +vuln-type: integer overflow +problem-scope: local (remote) +debian-specifc: no +cve: CVE-2007-3387 +vendor-advisory: +testing-fix: 0.5.4-6lenny1 +sid-fix: 0.5.4-6.1 +upgrade: apt-get upgrade + +It was discovered that an integer overflow in the xpdf PDF viewer may lead +to the execution of arbitrary code if a malformed PDF file is opened. + +CVE-2007-3387 + +Integer overflow in the StreamPredictor::StreamPredictor function in gpdf +before 2.8.2, as used in (1) poppler, (2) xpdf, (3) kpdf, (4) kdegraphics, +(5) CUPS, and other products, might allow remote attackers to execute +arbitrary code via a crafted PDF file. Added: data/DTSA/advs/55-centerim.adv ==================================================================--- data/DTSA/advs/55-centerim.adv (rev 0) +++ data/DTSA/advs/55-centerim.adv 2007-09-03 12:19:55 UTC (rev 6477) @@ -0,0 +1,22 @@ +source: centerim +date: September 1st , 2007 +author: Steffen Joeris +vuln-type: buffer overflows +problem-scope: remote +debian-specifc: no +cve: CVE-2007-3713 +vendor-advisory: +testing-fix: 4.22.1-2lenny1 +sid-fix: 4.22.1-2.1 +upgrade: apt-get upgrade + +It was discovered that there are multiple buffer overflows, which could lead +to the execution of arbitrary code. + +CVE-2007-3713 + +Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow +remote attackers to execute arbitrary code via unspecified vectors. +NOTE: the provenance of this information is unknown; the details are +obtained solely from third party information. NOTE: this might overlap +CVE-2007-0160.