Fedora 42: xpdf Update 2025-e72c726192 Critical Buffer Overflow Issues

fedora
December 5, 2025
This advisory provides critical security fixes for xpdf in Fedora 42, addressing various CVEs and application vulnerabilities.
Update to 4.06

Summary

Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts.

Update Information:

Update to 4.06. Lots of bugfixes, but notably, security fixes for the following CVEs: CVE-2024-2971, CVE-2024-3247, CVE-2024-3248, CVE-2024-3900, CVE-2024-4141, CVE-2024-4568, CVE-2024-4976, CVE-2024-7866, CVE-2024-7867, CVE-2024-7868, CVE-2025-2574, CVE-2025-3154, CVE-2025-11896

Change Log

* Tue Nov 18 2025 Tom Callaway - 1:4.06-1
- update to 4.06

* Thu Jul 31 2025 Tom Callaway - 1:4.05-8
- passing -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to fix FTBFS with CMake4 (bz2381643)

* Fri Jul 25 2025 Fedora Release Engineering - 1:4.05-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

References


[ 1 ] Bug #2271913 - CVE-2024-2971 xpdf: negative object number in an indirect reference in a PDF file can cause an out-of-bounds array write [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2271913

[ 2 ] Bug #2272853 - CVE-2024-3247 xpdf: stack-overflow in pdftotext [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2272853

[ 3 ] Bug #2272856 - CVE-2024-3248 xpdf: stack overflow via pdftpng [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2272856

[ 4 ] Bug #2275829 - CVE-2024-3900 xpdf: out-of-bounds array write [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2275829

[ 5 ] Bug #2277032 - CVE-2024-4141 xpdf: Out-of-bounds array write [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2277032

[ 6 ] Bug #2279473 - CVE-2024-4568 xpdf: loop in the PDF resources leads to infinite recursion [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2279473

[ 7 ] Bug #2280762 - CVE-...

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-e72c726192' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical

Name: xpdf
Product: Fedora 42
Version: 4.06
Release: 1.fc42
URL:
Summary: A PDF file viewer for the X Window System
