In association with heise online

17 April 2009, 11:06

Several critical vulnerabilities in Xpdf patched


An update for the free open source PDF viewer Xpdf fixes several critical vulnerabilities, some of which could allow the injection and execution of arbitrary code. The problems are caused by buffer overflows stemming from vulnerabilities in the JBIG2 decoder, which were recently patched by Adobe in its Reader products. The vulnerabilities affect Xpdf 3.x and can be exploited when a user opens a specially crafted PDF document.

The Linux distributor Red Hat lists a total of ten vulnerabilities on its web site, of which seven allow for an infection and three only lead to crashing the application. The official Xpdf 3.02pl3 release from Foolabs fixes the problems, and a patch (direct download link) is also available. Other Linux distribution providers are also providing updated packages to address the Xpdf vulnerabilities.

Since other applications, such as KOffice, use parts of the Xpdf code base, they could also be vulnerable. However, so far, there is no news on this.
