Debian 4.0: DSA-1537-1 Moderate: xpdf Multiple Issues Threats
debian
April 2, 2008
Alin Rad Pop (Secunia) discovered a number of vulnerabilities in xpdf, a set
of tools for display and conversion of Portable Document Format (PDF) files.
The Common Vulnerabiliti...
Summary
Inadequate DCT stream validation allows an attacker to corrupt
memory and potentially execute arbitrary code by supplying a
maliciously crafted PDF file.
CVE-2007-5392
An integer overflow vulnerability in DCT stream handling could
allow an attacker to overflow a heap buffer, enabling the execution
of arbitrary code.
CVE-2007-5393
A buffer overflow vulnerability in xpdf's CCITT image compression
handlers allows overflow on the heap, allowing an attacker to
execute arbitrary code by supplying a maliciously crafted
CCITTFaxDecode filter.
For the stable distribution (etch), these problems have been fixed in
version 3.01-9.1+etch2.
For the unstable distribution (sid), these problems have been fixed in
version 3.02-1.3.
We recommend that you upgrade your xpdf packages.
Upgrade instructions
- --------------------wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-g...
PREVIOUS
NEXT
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!