Fedora: 2004-348 Critical Advisory For xpdf Integer Overflow Attack

Xpdf is an X Window System based viewer for Portable Document Format

(PDF) files. Xpdf is a small and efficient program which uses

standard X fonts.

Xpdf is an X Window System based viewer for Portable Document Format (PDF) files.

During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of xpdf. An attacker could construct a carefully crafted PDF file that could cause xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0888 to this issue.

Users of xpdf are advised to upgrade to this errata package, which contains a backported patch correcting these issues. * Thu Oct 21 2004 Than Ngo <than@redhat.com> 1:3.00-3.4

- Apply patch to fix can-2004-0888, can-2004-0889

* Thu Oct 21 2004 Than Ngo <than@redhat.com> 1:3.00-3.3

- Fix xpdf crash #136633

* Tue Oct 12 2004 Than Ngo <than@redhat.com> 1:3.00-3.2

- Apply patch to fix can-2004-0888, can-2004-0889 - Fix xpdf crash when selecting outline without page reference #134993 - Fix locale issue #133911 - ...