Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 81146 - Colour index overflow attack
Summary: Colour index overflow attack
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: xpdf
Version: 8.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Ngo Than
QA Contact: Mike McLean
Depends On:
TreeView+ depends on / blocked
Reported: 2003-01-06 05:11 UTC by Michal Jaegermann
Modified: 2007-04-18 16:49 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2003-02-10 08:33:05 UTC

Attachments (Terms of Use)

Description Michal Jaegermann 2003-01-06 05:11:03 UTC
Description of problem: describes how to attack
pdftops filter used, among other things, by CUPS.  That advisory is
specifically for a version of xpdf currently in rawhide but it mentions
that it applies to all earlier versions as well.  It also includes a
reference to a patch (although 'indexHighA != indexHighA && 0xff' test
would be likely marginally simpler).

Comment 1 Mark J. Cox 2003-01-08 11:12:12 UTC
known issue, erratum for CUPS and Xpdf packages is in progress

Comment 2 Mark J. Cox 2003-02-10 08:33:05 UTC
CUPS was released some time ago, xpdf updates were completed last week.

Note You need to log in before you can comment on or make changes to this bug.