Arch Linux: 201910-10 Medium: xpdf Arbitrary Code Execution
Oct 23, 2019
•
LinuxSecurity Advisories
1 min read
Topics Covered
The package xpdf before version 4.02-1 is vulnerable to arbitrary code execution.
Arch Linux Security Advisory ASA-201910-10 ========================================= Severity: Medium Date : 2019-10-16 CVE-ID : CVE-2019-16927 Package : xpdf Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-1048 Summary ====== The package xpdf before version 4.02-1 is vulnerable to arbitrary code execution. Resolution ========= Upgrade to 4.02-1. # pacman -Syu "xpdf>=4.02-1" The problem has been fixed upstream in version 4.02. Workaround ========= None. Description ========== Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877. Impact ===== A local attacker is able to execute arbitrary code via a specially crafted PDF document. References ========= https://bugs.archlinux.org/task/63980 ;t=41885 https://security.archlinux.org/CVE-2019-16927
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!