Debian Bug report logs - #350783
xpdf: Buffer overflow vulnerability in; CVE-2006-0301

version graph

Package: xpdf-reader; Maintainer for xpdf-reader is Michael Gilbert <>;

Reported by: Jan Niehusmann <>

Date: Tue, 31 Jan 2006 20:33:01 UTC

Severity: grave

Tags: security

Found in version xpdf-reader/3.01-5

Fixed in version xpdf/3.01-6

Done: Hamish Moffatt <>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to, Debian Security Team <>, Hamish Moffatt <>:
Bug#350783; Package xpdf-reader. Full text and rfc822 format available.

Acknowledgement sent to Jan Niehusmann <>:
New Bug report received and forwarded. Copy sent to Debian Security Team <>, Hamish Moffatt <>. Full text and rfc822 format available.

Message #5 received at (full text, mbox):

From: Jan Niehusmann <>
To: Debian Bug Tracking System <>
Subject: xpdf: Buffer overflow vulnerability in; CVE-2006-0301
Date: Tue, 31 Jan 2006 21:13:31 +0100
Package: xpdf-reader
Version: 3.01-5
Severity: grave
Tags: security
Justification: user security hole

xpdf is probably vulnerable due to the bug described in
(I didn't actually check if it's really vulnerable - but I guess it is)

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'oldstable'), (500, 'testing'), (500, 'stable'), (101, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-rc1-ge066d9a8-dirty
Locale: LANG=C, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15)

Versions of packages xpdf depends on:
ii  xpdf-common                   3.01-5     Portable Document Format (PDF) sui
ii  xpdf-reader                   3.01-5     Portable Document Format (PDF) sui
ii  xpdf-utils                    3.01-5     Portable Document Format (PDF) sui

xpdf recommends no packages.

Versions of packages xpdf-reader depends on:
ii  gsfonts               8.14+v8.11+urw-0.2 Fonts for the Ghostscript interpre
ii  lesstif2              1:0.94.4-1.1       OSF/Motif 2.1 implementation relea
ii  libc6                 2.3.5-12           GNU C Library: Shared libraries an
ii  libfreetype6          2.1.10-1           FreeType 2 font engine, shared lib
ii  libgcc1               1:4.0.2-8          GCC support library
ii  libice6               6.9.0.dfsg.1-4     Inter-Client Exchange library
ii  libpaper1             1.1.14-5           Library for handling paper charact
ii  libsm6                6.9.0.dfsg.1-4     X Window System Session Management
ii  libstdc++6            4.0.2-8            The GNU Standard C++ Library v3
ii  libt1-5               5.1.0-2            Type 1 font rasterizer library - r
ii  libx11-6              6.9.0.dfsg.1-4     X Window System protocol client li
ii  libxext6              6.9.0.dfsg.1-4     X Window System miscellaneous exte
ii  libxp6                6.9.0.dfsg.1-4     X Window System printing extension
ii  libxpm4               6.9.0.dfsg.1-4     X pixmap library
ii  libxt6                6.9.0.dfsg.1-4     X Toolkit Intrinsics
ii  xpdf-common           3.01-5             Portable Document Format (PDF) sui
ii  zlib1g                1:1.2.3-9          compression library - runtime

-- no debconf information

Reply sent to Hamish Moffatt <>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Jan Niehusmann <>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #10 received at (full text, mbox):

From: Hamish Moffatt <>
Subject: Bug#350783: fixed in xpdf 3.01-6
Date: Wed, 01 Feb 2006 02:32:12 -0800
Source: xpdf
Source-Version: 3.01-6

We believe that the bug you reported is fixed in the latest version of
xpdf, which is due to be installed in the Debian FTP archive:

  to pool/main/x/xpdf/xpdf-common_3.01-6_all.deb
  to pool/main/x/xpdf/xpdf-reader_3.01-6_i386.deb
  to pool/main/x/xpdf/xpdf-utils_3.01-6_i386.deb
  to pool/main/x/xpdf/xpdf_3.01-6.diff.gz
  to pool/main/x/xpdf/xpdf_3.01-6.dsc
  to pool/main/x/xpdf/xpdf_3.01-6_all.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Hamish Moffatt <> (supplier of updated xpdf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing

Hash: SHA1

Format: 1.7
Date: Wed,  1 Feb 2006 22:42:42 +1300
Source: xpdf
Binary: xpdf-utils xpdf xpdf-reader xpdf-common
Architecture: source i386 all
Version: 3.01-6
Distribution: unstable
Urgency: high
Maintainer: Hamish Moffatt <>
Changed-By: Hamish Moffatt <>
 xpdf       - Portable Document Format (PDF) suite
 xpdf-common - Portable Document Format (PDF) suite -- common files
 xpdf-reader - Portable Document Format (PDF) suite -- viewer for X11
 xpdf-utils - Portable Document Format (PDF) suite -- utilities
Closes: 350783 350785
 xpdf (3.01-6) unstable; urgency=high
   * SECURITY UPDATE: fixed buffer overflow in splash image handling
     (Splash/ using patch supplied by Red Hat:
     (closes: #350785, #350783)
   * References: CVE-2006-0301
   * My first upload from the side of the road on borrowed wifi
     in a foreign country...
 4f1e328b54761f3341951033632dbf0c 1096 text optional xpdf_3.01-6.dsc
 99c84b07a0dba4ddf757b5f5624d0f8b 31276 text optional xpdf_3.01-6.diff.gz
 0500b4aac7c4643c9027ccecc00750f8 1268 text optional xpdf_3.01-6_all.deb
 c76392b45d3938bac1d2ee071d6ad5da 60400 text optional xpdf-common_3.01-6_all.deb
 128f26ff7d538eb0d1c9acbf68ec62d0 770348 text optional xpdf-reader_3.01-6_i386.deb
 aa57363855941790ec8941073ae18655 1400174 text optional xpdf-utils_3.01-6_i386.deb

Version: GnuPG v1.4.2 (GNU/Linux)


Bug archived. Request was from Debbugs Internal Request <> to (Tue, 26 Jun 2007 20:11:55 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.

Debian bug tracking system administrator <>. Last modified: Thu Apr 17 18:49:19 2014; Machine Name:

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.