ArchLinux: 201910-10: xpdf: arbitrary code execution

    Date: 23 Oct 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package xpdf before version 4.02-1 is vulnerable to arbitrary code execution.
    Arch Linux Security Advisory ASA-201910-10
    ==========================================
    
    Severity: Medium
    Date    : 2019-10-16
    CVE-ID  : CVE-2019-16927
    Package : xpdf
    Type    : arbitrary code execution
    Remote  : No
    Link    : https://security.archlinux.org/AVG-1048
    
    Summary
    =======
    
    The package xpdf before version 4.02-1 is vulnerable to arbitrary code
    execution.
    
    Resolution
    ==========
    
    Upgrade to 4.02-1.
    
    # pacman -Syu "xpdf>=4.02-1"
    
    The problem has been fixed upstream in version 4.02.
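
The version test behind the upgrade instruction above, as an added example that is not part of the advisory: it flags hosts whose xpdf package is older than 4.02-1. The inventory format ("host version" per line) and the host names are constructed; `vercmp` is the comparison tool shipped with pacman, and the `sort -V` fallback is an assumption for running the check on a non-Arch admin machine.

```shell
#!/bin/sh
# Added example, not part of ASA-201910-10.
FIXED="4.02-1"   # first fixed package version, taken from the advisory

# ver_ge A B: succeed when version A is at least version B.
ver_ge() {
    if command -v vercmp >/dev/null 2>&1; then
        # vercmp (shipped with pacman) prints -1, 0 or 1
        [ "$(vercmp "$1" "$2")" -ge 0 ]
    else
        # Assumption: GNU "sort -V" approximates pacman ordering off-Arch
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# xpdf_status VERSION: print "fixed" or "vulnerable".
xpdf_status() {
    if ver_ge "$1" "$FIXED"; then echo fixed; else echo vulnerable; fi
}

# audit_inventory: read "host version" lines on stdin, print hosts to upgrade.
audit_inventory() {
    while read -r host ver; do
        if [ -n "$ver" ] && [ "$(xpdf_status "$ver")" = vulnerable ]; then
            echo "$host"
        fi
    done
}

# Constructed sample inventory (host names and versions are made up).
audit_inventory <<'EOF'
web01 4.01.01-1
build02 4.02-1
desk03 4.01-2
desk04 4.02-2
EOF

# On an Arch host, check the locally installed package as well.
if command -v pacman >/dev/null 2>&1 && ver=$(pacman -Q xpdf 2>/dev/null); then
    echo "local xpdf ${ver#xpdf }: $(xpdf_status "${ver#xpdf }")"
fi
```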
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the
    TextPage::findGaps function in TextOutputDev.cc, a different
    vulnerability than CVE-2019-9877.
    
    Impact
    ======
    
    A local attacker is able to execute arbitrary code via a specially
    crafted PDF document.
    
    References
    ==========
    
    https://bugs.archlinux.org/task/63980
    https://forum.xpdfreader.com/viewtopic.php?f=3&t=41885
    https://security.archlinux.org/CVE-2019-16927
    