Russian Cyber Underground Team [WN13]
Joachim Schrod discovered several buffer overflow vulnerabilities and
an insecure temporary file creation in the “dvilj” application that is
used by dvips to convert DVI files to printer formats (CVE-2007-5937,
CVE-2007-5936).
More: continued here
More: continued here
Update to 0.9.5.
More: continued here
Alin Rad Pop (Secunia Research) discovered several vulnerabilities in
the “Stream.cc” file of Xpdf: An integer overflow in the
DCTStream::reset() method and a boundary error in the
CCITTFaxStream::lookChar() method, both leading to heap-based buffer
overflows (CVE-2007-5392, CVE-2007-5393).
Alin Rad Pop from Secunia Research discovered a boundary error in the
function separate_sentence() in file tokenize.c when processing an
overly long word which might lead to a stack-based buffer overflow.
More: continued here