Patch remedies vulnerabilities in Xpdf
Security service provider Secunia has discovered several vulnerabilities in the open source Xpdf PDF viewer that allow attackers to inject malicious code. For the attacks to succeed, users merely have to open specially crafted PDF documents with the software. The developers have, however, already reacted and released a source code patch.
All the flaws are located in the Stream.cc source file. Firstly, memory can be corrupted by improper array indexing in the function DCTStream::readProgressiveDataUnit(). Secondly, an integer overflow in DCTStream::reset() can cause a buffer overflow on the heap. Thirdly, a flaw in CCITTFaxStream::lookChar() can also cause a heap-based buffer overflow.
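As an added illustration of two of the bug classes named above (a size calculation that overflows before a heap allocation, and an array index that is not checked against the allocated size), the following C sketch contrasts an unchecked size computation with a hardened allocator and store. It is not code from Xpdf or its patch; the Frame type, MAX_SAMPLES limit, function names and dimensions are all constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed policy limit on samples per frame (assumption, not from Xpdf). */
#define MAX_SAMPLES ((size_t)1 << 26)

/* Hypothetical decoder frame buffer: one int per sample. */
typedef struct {
    int *data;
    size_t samples; /* number of ints actually allocated */
} Frame;

/* Unchecked size computation in 32-bit arithmetic: wraps modulo 2^32, so
 * large dimensions from the file yield a small allocation size. */
uint32_t naive_bytes(uint32_t width, uint32_t height) {
    return width * height * (uint32_t)sizeof(int);
}

/* Checked allocation: validate dimensions by division before multiplying.
 * Returns 0 on success, -1 if the dimensions are rejected or memory runs out. */
int frame_alloc(Frame *f, uint32_t width, uint32_t height) {
    f->data = NULL;
    f->samples = 0;
    if (width == 0 || height == 0 || height > MAX_SAMPLES / width)
        return -1;
    size_t n = (size_t)width * height; /* cannot overflow: n <= MAX_SAMPLES */
    f->data = calloc(n, sizeof(int));
    if (f->data == NULL)
        return -1;
    f->samples = n;
    return 0;
}

/* Bounds-checked store: an index derived from file data is validated
 * against the allocated size before it is used. */
int frame_store(Frame *f, size_t index, int value) {
    if (f->data == NULL || index >= f->samples)
        return -1;
    f->data[index] = value;
    return 0;
}

int main(void) {
    Frame f;
    printf("naive size: %u bytes\n", (unsigned)naive_bytes(65536, 16385));
    printf("checked alloc: %d\n", frame_alloc(&f, 65536, 16385));
    return 0;
}
```

With the constructed dimensions 65536 x 16385, the unchecked calculation yields 262144 bytes for a frame that needs more than 4 GiB, while the checked allocator rejects the request.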
The flaws exist in Xpdf 3.02pl1 and possibly other versions as well. Furthermore, they also affect other projects that use Xpdf, such as CUPS, kpdf and KOffice. The developers of Xpdf have already reacted and published a patch to version 3.02pl2 to remedy the flaws. The KDE developers also published patches. Users of the software should either patch the source code, recompile and install the program, or install updated packages from their Linux distributor as soon as these are made available. For the time being, users are advised to refrain from opening PDF files from untrusted sources.
- Xpdf "Stream.cc" Multiple Vulnerabilities, Secunia's security advisory
- Download the current Xpdf sources and patches
- kpdf/kword/xpdf multiple xpdf based vulnerabilities, security advisory from the KDE developers