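Vulnerability Details
CUPS Xpdf pageSize Input Validation Error Vulnerability
- CNNVD ID: CNNVD-200804-056
- Severity: Medium
- CVE ID: CVE-2008-1374
- Vulnerability type: Input validation error
- Published: 2004-10-21
- Threat type:
- Updated: 2020-12-24
- Vendor: red_hat
- Vulnerability source: Chris Evans chris@…
Vulnerability Summary
Red Hat Enterprise Linux is a Linux operating system for enterprise users from Red Hat, Inc. (USA).
pdftops/XRef.cc, included in Xpdf, has an input validation error vulnerability when handling the pageSize value. By constructing a malicious PDF file and enticing a user to open it, an attacker can trigger an integer buffer overflow.
CUPS includes code that calls Xpdf and is therefore also affected by this vulnerability. No detailed vulnerability information is currently available.
Vulnerability Advisory
The vendor has released upgrade patches to fix this security issue. Patch download links: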
RedHat Fedora Core2
RedHat cups-1.1.20-11.11.i386.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat cups-1.1.20-11.11.x86_64.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat cups-debuginfo-1.1.20-11.11.i386.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat cups-debuginfo-1.1.20-11.11.x86_64.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat cups-devel-1.1.20-11.11.i386.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat cups-devel-1.1.20-11.11.x86_64.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat cups-libs-1.1.20-11.11.i386.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat cups-libs-1.1.20-11.11.x86_64.rpm
Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
GNOME GPdf 0.110
RedHat gpdf-0.110-1.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/gpdf-0.110-1.4.legacy.i386.rpm
GNOME GPdf 0.131
Conectiva gpdf-0.131-56565U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-0.131-56565U10_1cl.i386.rpm
Conectiva gpdf-i18n-am-0.131-56565U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-am-0.131-56565U10_1cl.i386.rpm
Conectiva gpdf-i18n-ar-0.131-56565U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-ar-0.131-56565U10_1cl.i386.rpm
Conectiva gpdf-i18n-az-0.131-56565U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-az-0.131-56565U10_1cl.i386.rpm
Conectiva gpdf-i18n-be-0.131-56565U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-be-0.131-56565U10_1cl.i386.rpm
Conectiva gpdf-i18n-bn-0.131-56565U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-bn-0.131-56565U10_1cl.i386.rpm
Conectiva gpdf-i18n-ca-0.131-56565U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-ca-0.131-56565U10_1cl.i386.rpm
Conectiva gpdf-i18n-cs-0.131-56565U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-cs-0.131-56565U10_1cl.i386.rpm
Conectiva gpdf-i18n-cy-0.131-56565U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-cy-0.131-56565U10_1cl.i386.rpm
Conectiva gpdf-i18n-da-0.131-56565U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-da-0.131-56565U10_1cl.i386.rpm
Conectiva gpdf-i18n-de-0.131-56565U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-de-0.131-56565U10_1cl.i386.rpm
Conectiva gpdf-i18n-el-0.131-56565U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-el-0.131-56565U10_1cl.i386.rpm
Conectiva gpdf-i18n-en_CA-0.131-56565U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-en_CA-0.131-56565U10_1cl.i386.rpm
Conectiva gpdf-i18n-en_GB-0.131-56565U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-en_GB-0.131-56565U10_1cl.i386.rpm
Conectiva gpdf-i18n-eo-0.131-56565U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-eo-0.131-56565U10_1cl.i386.rpm
Conectiva gpdf-i18n-es-0.131-56565U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-es-0.131-56565U10_1cl.i386.rpm
Conectiva gpdf-i18n-eu-0.131-56565U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-eu-0.131-56565U10_1cl.i386.rpm
Conectiva gpdf-i18n-fa-0.131-56565U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-fa-0.131-56565U10_1cl.i386.rpm
Conectiva gpdf-i18n-fi-0.131-56565U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-fi-0.131-56565U10_1cl.i386.rpm
Conectiva gpdf-i18n-fr-0.131-56565U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18n-fr-0.131-56565U10_1cl.i386.rpm
Conectiva gpdf-i18n-ga-0.131-56565U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/gpdf-i18
References
Source: BUGTRAQ
Link: http://www.securityfocus.com/archive/1/495164/100/0/threaded
Source: CONFIRM
Link: https://issues.rpath.com/browse/RPL-2390
Source: OVAL
Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9636
Source: SECUNIA
Link: http://secunia.com/advisories/31388
Source: SECUNIA
Link: http://secunia.com/advisories/29630
Source: REDHAT
Link: http://www.redhat.com/support/errata/RHSA-2008-0206.html
Source: XF
Link: https://exchange.xforce.ibmcloud.com/vulnerabilities/41758
Source: CONFIRM