Hole in Xpdf enables code injection
Kees Cook of the Ubuntu Security Team has discovered a security hole in Xpdf and libraries and applications based on it, via which attackers can inject and execute malicious code using crafted PDF files. The hole can be exploited merely by opening the PDF file.
The problem is caused by inadequate checking while typefaces embedded in PDF files are being processed, but no further details are known as yet. When manipulated PDF files are opened, injected code can be executed with the user's rights. An entry has already been added to the Common Vulnerabilities and Exposures (CVE) database, but it gives no further details.
In addition to Xpdf, affected software includes the poppler project and, in some Linux distributions, also KOffice, if code from Xpdf is statically linked in, as is the case with Ubuntu. Several Linux distributors are already issuing updated Xpdf, poppler and KOffice packages that fix the problem. Administrators should install these updates without delay.
- New xpdf packages fix arbitrary code execution, vulnerability report by the Debian developers
- poppler vulnerability, vulnerability report by Kees Cook of the Ubuntu Security Team
- KOffice vulnerability, vulnerability report by Kees Cook of the Ubuntu Security Team