In association with heise online

13 October 2010, 12:39

Vulnerabilities in Xpdf affect several open source products


According to a report from Red Hat, two vulnerabilities in the free PDF reader Xpdf can be exploited via manipulated PDF documents to compromise a victim's system. The flaws are reportedly due to an uninitialised pointer and an array index error.

These problems extend to a number of applications that use the Xpdf code, including poppler, CUPS, gPDF and KPDF. However, Red Hat hasn't released specific information about affected versions. Whether the document viewer Evince, which relies on poppler, is also affected is unknown.

Red Hat has made updated packages available for all listed products. According to security specialists Secunia, the poppler developers closed the gaps in their repository three weeks ago. The status of other products is currently unclear. If the packages of other distributors are affected, it seems likely they will soon follow suit with updates.

Update - The poppler developers have confirmed that the bugs are fixed in poppler version 0.14.4.

