
Fedora 31: FEDORA-2019-759ba8202b Critical: xpdf Buffer Issues

October 26, 2019
xpdf software updates on Fedora 31 address various critical buffer overflows and related security issues.

Summary

Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts.

xpdf 4.02. Lots of security fixes here.

* Wed Oct 16 2019 Tom Callaway - 1:4.02-1

- update to 4.02

[ 1 ] Bug #1728103 - CVE-2019-13286 xpdf: heap-based buffer over-read in function JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1728103

[ 2 ] Bug #1727737 - CVE-2019-13281 xpdf: heap-based buffer overflow in DCTStream::decodeImage() in Stream.cc [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1727737

[ 3 ] Bug #1727734 - CVE-2019-13282 xpdf: heap-based buffer over-read in SampledFunction::transform in Function.cc [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1727734

[ 4 ] Bug #1727730 - CVE-2019-13283 xpdf: heap-based buffer over-read in FoFiType1::parse in fofi/FoFiType1.cc [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1727730

[ 5 ] Bug #1725690 - CVE-2019-12957 CVE-2019-12958 xpdf: various flaws [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1725690

[ 6 ] Bug #1716836 - CVE-2019-12493 xpdf: stack-based buffer over-read in function PostScriptFunction::transform in Function.cc [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1716836

[ 7 ] Bug #1716827 - CVE-2019-12515 xpdf: out-of-bounds read in function FlateStream::getChar() in Stream.cc [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1716827

To install this update, run su -c 'dnf upgrade --advisory FEDORA-2019-759ba8202b' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at


Severity: critical

Product: Fedora 31
Version: 4.02
Release: 1.fc31
Summary: A PDF file viewer for the X Window System
