In association with heise online

19 October 2009, 18:52

Vulnerabilities in several PDF applications

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Security holes in numerous PDF applications allow attackers to infect systems with malware. When loading and unloading certain COM objects, for instance, the Foxit plug-in (npFoxitReaderPlugin.dll) for the Firefox web browser under Windows causes a memory leak that can potentially be exploited for injecting and executing code via specially crafted web pages. The flaw was discovered in version and has also been confirmed to exist in the current version of Foxit Reader (with Firefox 3.5.3 ). A similar bug that affected the loading of objects was recently fixed in Adobe Reader. So far, no updates have been made available for Foxit Reader.

Developers have also released a patch for the free Xpdf PDF reader that fixes four security problems in version 3.02. Exploits for a buffer overflow and a null pointer dereference hole are already in circulation. Problems in Xpdf usually cause a whole string of vulnerabilities in other applications that are based on its code, for example poppler, CUPS , Gpdf and KPDF.

In CUPS, the holes were reportedly closed in the official version 1.4.1. Currently, no official updates have been released for KPDF, poppler or gpdf. However, Linux distributor Red Hat has already released new packages for these applications, and other distributors are likely to follow soon. As always, users are advised to treat unsolicited PDF documents with caution and open them in an alternative PDF reader until the relevant updates have become available.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit