In association with heise online

09 July 2008, 10:56

Critical vulnerability in libpoppler PDF rendering library

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The Open Source Computer Emergency Response Team (oCERT) has warned of a critical vulnerability in open source PDF rendering library libpoppler. The library, which arose as a fork of xpdf 3.0, is used by PDF viewers including Evince, ePDFView and Okular. A memory management error when initialising the pageWidget object makes it possible to inject code onto a system using crafted PDF files and execute the code with the user's privileges.

All versions up to and including 0.8.4 are vulnerable. A source code patch to fix the problem is available. Some Linux distributors have already released updated packages. An official libpoppler update is scheduled for the end of July.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit