[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

USN-973-1 -- koffice vulnerabilities

ID: oval:org.secpod.oval:def:700041Date: (C)2011-01-28   (M)2024-01-02
Class: PATCHFamily: unix




Will Dormann, Alin Rad Pop, Braden Thomas, and Drew Yao discovered that the Xpdf used in KOffice contained multiple security issues in its JBIG2 decoder. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. It was discovered that the Xpdf used in KOffice contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. KOffice in Ubuntu 9.04 uses a very old version of Xpdf to import PDFs into KWord. Upstream KDE no longer supports PDF import in KOffice and as a result it was dropped in Ubuntu 9.10. While an attempt was made to fix the above issues, the maintenance burden for supporting this very old version of Xpdf outweighed its utility, and PDF import is now also disabled in Ubuntu 9.04.

Platform:
Ubuntu 9.04
Product:
koffice
Reference:
USN-973-1
CVE-2009-0146
CVE-2009-0147
CVE-2009-0165
CVE-2009-0166
CVE-2009-0195
CVE-2009-0799
CVE-2009-0800
CVE-2009-1179
CVE-2009-1180
CVE-2009-1181
CVE-2009-3606
CVE-2009-3608
CVE-2009-3609
CVE    13
CVE-2009-3606
CVE-2009-0800
CVE-2009-0799
CVE-2009-0165
...
CPE    1
cpe:/o:ubuntu:ubuntu_linux:9.04

© SecPod Technologies