CERTA-2005-AVI-017
Vulnerability from certfr_avis - Published: 2005-01-19 - Updated: 2005-01-27
Description
Vulnerability CAN-2005-0064 affects the xpdf software. The cupsys/cups software contains similar code and has the same vulnerability, which allows a malicious user to craft a malicious PDF file. When cupsys/cups processes this file, the result is arbitrary code execution.
For the Debian distribution, this vulnerability affects only the stable version. The other versions no longer use their own copy of xpdf.
Solution
Apply the patch (see section 5).
Impacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Le paquet cups de Mandrakelinux.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Le paquet cupsys de Debian dans toute version ant\u00e9rieure \u00e0 1.1.14-5woody12 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nLa vuln\u00e9rabilit\u00e9 CAN-2005-0064 affecte le logiciel xpdf. Le logiciel\ncupsys/cups ayant un code similaire pr\u00e9sente la m\u00eame vuln\u00e9rabilit\u00e9 qui\npermet \u00e0 un utilisateur mal intentionn\u00e9 de fabriquer un fichier au\nformat pdf malicieux. L\u0027interpr\u00e9tation de ce fichier par le logiciel\ncupsys/cups se traduit par l\u0027ex\u00e9cution de code arbitraire.\n\nEn ce qui concerne la distribution Debian, Cette vuln\u00e9rabilit\u00e9 n\u0027affecte\nque la version stable. Les autres versions n\u0027utilisent plus leur propre\nversion de xpdf.\n\n## Solution\n\nAppliquer le correctif (cf. section\u00a0[5](#sec:doc)).\n",
"cves": [],
"initial_release_date": "2005-01-19T00:00:00",
"last_revision_date": "2005-01-27T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-645 du 19 janvier 2005 :",
"url": "http://www.debian.org/security/2005/dsa-645"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mandrakelinux MDKSA-2005:018 du 25 janvier 2005 :",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:018"
}
],
"reference": "CERTA-2005-AVI-017",
"revisions": [
{
"description": "version initiale ;",
"revision_date": "2005-01-19T00:00:00.000000"
},
{
"description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Mandrakelinux.",
"revision_date": "2005-01-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
}
],
"summary": null,
"title": "CUPS : vuln\u00e9rabilit\u00e9 dans l\u0027impression de certains documents PDF",
"vendor_advisories": [
{
"published_at": null,
"title": "CVE : CAN-2005-0064",
"url": null
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.