Ubuntu Security Notice USN-163-1
9th August, 2005
xpdf vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 5.04
- Ubuntu 4.10
Details
xpdf and kpdf did not sufficiently verify the validity of the "loca"
table in PDF files, a table that contains glyph description
information for embedded TrueType fonts. After detecting the broken
table, xpdf attempted to reconstruct the information in it, which
caused the generation of a huge temporary file that quickly filled up
available disk space and rendered the application unresponsive.
The CUPS printing system in Ubuntu 5.04 uses the xpdf-utils package to
convert PDF files to PostScript. By attempting to print such a crafted
PDF file, a remote attacker could cause a Denial of Service in a print
server. The CUPS system in Ubuntu 4.10 is not vulnerable against this
attack.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 5.04:
- xpdf-utils
- xpdf-reader
- kpdf
- Ubuntu 4.10:
- xpdf-utils
- xpdf-reader
- kpdf
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None