In association with heise online

31 July 2007, 17:52

Security hole in XPDF and KDE

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The KDE developers have published a security advisory concerning a vulnerability when processing crafted PDFs. Opening one of these files with XPDF, kpdf, KOffice or any other software which has adopted the source code from XPDF can cause a buffer overflow and execution of an arbitrary program code.

The bug stems from an integer overflow in the function StreamPredictor::StreamPredictor(). The developers have prepared source-code patches for the software versions affected. The bug is found in XPDF 3.02 and possibly the previous versions, KDE 3.2.0 up to and including 3.5.7 as well as KOffice 1.2.1 and later versions.

Other applications which use the faulty code from XPDF also contain the vulnerability. Red Hat has now also released software updates for CUPS, gpdf and poppler which close the hole. The other Linux distributors are also soon to release up-dated packages, which users should install as soon as they can.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit