Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

We found 88 articles for you...

Fedora 42: xpdf Update 2025-e72c726192 Critical Buffer Overflow Issues

Update to 4.06. Lots of bugfixes, but notably, security fixes for the following CVEs: CVE-2024-2971 CVE-2024-3247 CVE-2024-3248.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e72c726192
2025-12-05 02:40:12.305976+00:00
--------------------------------------------------------------------------------

Name        : xpdf
Product     : Fedora 42
Version     : 4.06
Release     : 1.fc42
URL         :
Summary     : A PDF file viewer for the X Window System
Description :
Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files. Xpdf is a small and efficient program which uses
standard X fonts.

--------------------------------------------------------------------------------
Update Information:

Update to 4.06. Lots of bugfixes, but notably, security fixes for the following
CVEs:
CVE-2024-2971 CVE-2024-3247 CVE-2024-3248 CVE-2024-3900 CVE-2024-4141
CVE-2024-4568 CVE-2024-4976 CVE-2024-7866 CVE-2024-7867 CVE-2024-7868
CVE-2025-2574 CVE-2025-3154 CVE-2025-11896
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2025 Tom Callaway - 1:4.06-1
- update to 4.06
* Thu Jul 31 2025 Tom Callaway - 1:4.05-8
- passing -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to fix FTBFS with CMake4 (bz2381643)
* Fri Jul 25 2025 Fedora Release Engineering - 1:4.05-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2271913 - CVE-2024-2971 xpdf: negative object number in an indirect reference in a PDF file can cause an out-of-bounds array write [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2271913
  [ 2 ] Bug #2272853 - CVE-2024-3247 xpdf: stack-overflow in pdftotext [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2272853
  [ 3 ] Bug #2272856 - CVE-2024-3248 xpdf: stack overflow via pdftpng [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2272856
  [ 4 ] Bug #2275829 - CVE-2024-3900 xpdf: out-of-bounds array write [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2275829
  [ 5 ] Bug #2277032 - CVE-2024-4141 xpdf: Out-of-bounds array write [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2277032
  [ 6 ] Bug #2279473 - CVE-2024-4568 xpdf: loop in the PDF resources leads to infinite recursion [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2279473
  [ 7 ] Bug #2280762 - CVE-2024-4976 xpdf: Out-of-bounds array write due to missing object type check [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2280762
  [ 8 ] Bug #2305301 - CVE-2024-7868 xpdf: invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder [fedora-39]
        https://bugzilla.redhat.com/show_bug.cgi?id=2305301
  [ 9 ] Bug #2305302 - CVE-2024-7867 xpdf: integer overflow and divide-by-zero due to very large coordinates in a page box [fedora-39]
        https://bugzilla.redhat.com/show_bug.cgi?id=2305302
  [ 10 ] Bug #2305307 - CVE-2024-7866 xpdf: infinite recursion and a stack overflow due to PDF object loop in a pattern resource [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2305307
  [ 11 ] Bug #2354014 - CVE-2025-2574 xpdf: Out-of-bounds array write in Xpdf 4.05 due to incorrect integer overflow checking [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2354014
  [ 12 ] Bug #2357056 - CVE-2025-3154 xpdf: Out-of-bounds array write due to invalid VerticesPerRow in Xpdf 4.05 [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2357056
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e72c726192' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

This advisory provides critical security fixes for xpdf in Fedora 42, addressing various CVEs and application vulnerabilities.

Severity: Critical. LinuxSecurity.com Team

Dec 05, 2025 Critical Fedora

Fedora 43: xpdf Critical Security Updates for Multiple CVEs 2025-7c5b6a3bcb

Update to 4.06. Lots of bugfixes, but notably, security fixes for the following CVEs: CVE-2024-2971 CVE-2024-3247 CVE-2024-3248.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7c5b6a3bcb
2025-12-05 02:08:09.994302+00:00
--------------------------------------------------------------------------------

Name        : xpdf
Product     : Fedora 43
Version     : 4.06
Release     : 1.fc43
URL         :
Summary     : A PDF file viewer for the X Window System
Description :
Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files. Xpdf is a small and efficient program which uses
standard X fonts.

--------------------------------------------------------------------------------
Update Information:

Update to 4.06. Lots of bugfixes, but notably, security fixes for the following
CVEs:
CVE-2024-2971 CVE-2024-3247 CVE-2024-3248 CVE-2024-3900 CVE-2024-4141
CVE-2024-4568 CVE-2024-4976 CVE-2024-7866 CVE-2024-7867 CVE-2024-7868
CVE-2025-2574 CVE-2025-3154 CVE-2025-11896
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2025 Tom Callaway - 1:4.06-1
- update to 4.06
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2271913 - CVE-2024-2971 xpdf: negative object number in an indirect reference in a PDF file can cause an out-of-bounds array write [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2271913
  [ 2 ] Bug #2272853 - CVE-2024-3247 xpdf: stack-overflow in pdftotext [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2272853
  [ 3 ] Bug #2272856 - CVE-2024-3248 xpdf: stack overflow via pdftpng [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2272856
  [ 4 ] Bug #2275829 - CVE-2024-3900 xpdf: out-of-bounds array write [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2275829
  [ 5 ] Bug #2277032 - CVE-2024-4141 xpdf: Out-of-bounds array write [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2277032
  [ 6 ] Bug #2279473 - CVE-2024-4568 xpdf: loop in the PDF resources leads to infinite recursion [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2279473
  [ 7 ] Bug #2280762 - CVE-2024-4976 xpdf: Out-of-bounds array write due to missing object type check [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2280762
  [ 8 ] Bug #2305301 - CVE-2024-7868 xpdf: invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder [fedora-39]
        https://bugzilla.redhat.com/show_bug.cgi?id=2305301
  [ 9 ] Bug #2305302 - CVE-2024-7867 xpdf: integer overflow and divide-by-zero due to very large coordinates in a page box [fedora-39]
        https://bugzilla.redhat.com/show_bug.cgi?id=2305302
  [ 10 ] Bug #2305307 - CVE-2024-7866 xpdf: infinite recursion and a stack overflow due to PDF object loop in a pattern resource [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2305307
  [ 11 ] Bug #2354014 - CVE-2025-2574 xpdf: Out-of-bounds array write in Xpdf 4.05 due to incorrect integer overflow checking [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2354014
  [ 12 ] Bug #2357056 - CVE-2025-3154 xpdf: Out-of-bounds array write due to invalid VerticesPerRow in Xpdf 4.05 [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2357056
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7c5b6a3bcb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

This advisory details critical security fixes in Fedora 43's xpdf 4.06 addressing multiple CVEs with serious risks.

Severity: Critical. LinuxSecurity.com Team

Dec 05, 2025 Critical Fedora

Slackware 15.0: xpdf Critical Fix for Buffer Overflow SSA:2025-319-01

New xpdf packages are available for Slackware 15.0 and -current to fix security issues.

[slackware-security] xpdf (SSA:2025-319-01)

New xpdf packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/xpdf-4.06-i586-1_slack15.0.txz: Upgraded.
  This update fixes bugs and security issues.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-2971
    https://www.cve.org/CVERecord?id=CVE-2024-3247
    https://www.cve.org/CVERecord?id=CVE-2024-3248
    https://www.cve.org/CVERecord?id=CVE-2024-3900
    https://www.cve.org/CVERecord?id=CVE-2024-4141
    https://www.cve.org/CVERecord?id=CVE-2024-4568
    https://www.cve.org/CVERecord?id=CVE-2024-4976
    https://www.cve.org/CVERecord?id=CVE-2024-7866
    https://www.cve.org/CVERecord?id=CVE-2024-7867
    https://www.cve.org/CVERecord?id=CVE-2024-7868
    https://www.cve.org/CVERecord?id=CVE-2025-2574
    https://www.cve.org/CVERecord?id=CVE-2025-3154
    https://www.cve.org/CVERecord?id=CVE-2025-11896
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xpdf-4.06-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xpdf-4.06-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/xpdf-4.06-i686-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/xpdf-4.06-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
a4aeff64d0d87e7a8f015968655442d6  xpdf-4.06-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
a1fdd57545d189be27677ebf34886f14  xpdf-4.06-x86_64-1_slack15.0.txz

Slackware -current package:
b96e96c83bc761ca1ea8f2eb37b39220  xap/xpdf-4.06-i686-1.txz

Slackware x86_64 -current package:
5e9929c5fc76a1a75c0e013f18214ba9  xap/xpdf-4.06-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg xpdf-4.06-i586-1_slack15.0.txz

+-----+

New xpdf packages for Slackware 15.0 address critical security issues. Immediate action is advised for system safety.

Severity: Critical. LinuxSecurity.com Team

Nov 15, 2025 Critical Slackware

Gentoo: GLSA-202409-25 normal severity: Xpdf denial of service

Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202409-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Xpdf: Multiple Vulnerabilities
     Date: September 25, 2024
     Bugs: #845027, #908037, #936407
       ID: 202409-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Xpdf, the worst of which
could result in denial of service.

Background
==========

Xpdf is an X viewer for PDF files.

Affected packages
=================

Package        Vulnerable    Unaffected
-------------  ------------  ------------
app-text/xpdf  < 4.05        >= 4.05

Description
===========

Multiple vulnerabilities have been discovered in Xpdf. Please review the
CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Xpdf users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-text/xpdf-4.05"

References
==========

[ 1 ] CVE-2018-7453
      https://nvd.nist.gov/vuln/detail/CVE-2018-7453
[ 2 ] CVE-2018-16369
      https://nvd.nist.gov/vuln/detail/CVE-2018-16369
[ 3 ] CVE-2022-30524
      https://nvd.nist.gov/vuln/detail/CVE-2022-30524
[ 4 ] CVE-2022-30775
      https://nvd.nist.gov/vuln/detail/CVE-2022-30775
[ 5 ] CVE-2022-33108
      https://nvd.nist.gov/vuln/detail/CVE-2022-33108
[ 6 ] CVE-2022-36561
      https://nvd.nist.gov/vuln/detail/CVE-2022-36561
[ 7 ] CVE-2022-38222
      https://nvd.nist.gov/vuln/detail/CVE-2022-38222
[ 8 ] CVE-2022-38334
      https://nvd.nist.gov/vuln/detail/CVE-2022-38334
[ 9 ] CVE-2022-38928
      https://nvd.nist.gov/vuln/detail/CVE-2022-38928
[ 10 ] CVE-2022-41842
      https://nvd.nist.gov/vuln/detail/CVE-2022-41842
[ 11 ] CVE-2022-41843
      https://nvd.nist.gov/vuln/detail/CVE-2022-41843
[ 12 ] CVE-2022-41844
      https://nvd.nist.gov/vuln/detail/CVE-2022-41844
[ 13 ] CVE-2022-43071
      https://nvd.nist.gov/vuln/detail/CVE-2022-43071
[ 14 ] CVE-2022-43295
      https://nvd.nist.gov/vuln/detail/CVE-2022-43295
[ 15 ] CVE-2022-45586
      https://nvd.nist.gov/vuln/detail/CVE-2022-45586
[ 16 ] CVE-2022-45587
      https://nvd.nist.gov/vuln/detail/CVE-2022-45587
[ 17 ] CVE-2023-2662
      https://nvd.nist.gov/vuln/detail/CVE-2023-2662
[ 18 ] CVE-2023-2663
      https://nvd.nist.gov/vuln/detail/CVE-2023-2663
[ 19 ] CVE-2023-2664
      https://nvd.nist.gov/vuln/detail/CVE-2023-2664
[ 20 ] CVE-2023-3044
      https://nvd.nist.gov/vuln/detail/CVE-2023-3044
[ 21 ] CVE-2023-3436
      https://nvd.nist.gov/vuln/detail/CVE-2023-3436

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-25

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Ghostscript encounters several security flaws that may result in system instability. Critical patches and preventative measures can be found in this link.

LinuxSecurity.com Team

Sep 25, 2024 Gentoo

Mageia 9 MGASA-2024-0035 Important: Xpdf Memory Access Threats

The updated packages fix security vulnerabilities: Logic bug in text extractor led to invalid memory access. (CVE-2022-30524) Integer overflow in rasterizer. (CVE-2022-30775) PDF object loop in Catalog::countPageTree. (CVE-2022-33108)

MGASA-2024-0035 - Updated xpdf packages fix security vulnerabilities

Publication date: 10 Feb 2024
URL: https://advisories.mageia.org/MGASA-2024-0035.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2022-30524, CVE-2022-30775, CVE-2022-33108, CVE-2022-36561, CVE-2022-38222, CVE-2022-38334, CVE-2022-38928, CVE-2022-41842, CVE-2022-41843, CVE-2022-41844, CVE-2022-43071, CVE-2022-43295, CVE-2022-45586, CVE-2022-45587, CVE-2023-2662, CVE-2023-2663, CVE-2023-2664, CVE-2023-3044, CVE-2023-3436

The updated packages fix security vulnerabilities:

Logic bug in text extractor led to invalid memory access. (CVE-2022-30524)
Integer overflow in rasterizer. (CVE-2022-30775)
PDF object loop in Catalog::countPageTree. (CVE-2022-33108)
PDF object loop in AcroForm::scanField. (CVE-2022-36561)
Logic bug in JBIG2 decoder. (CVE-2022-38222)
PDF object loop in Catalog::countPageTree. (CVE-2022-38334)
Missing bounds check in CFF font converter caused null pointer dereference. (CVE-2022-38928)
PDF object loop in Catalog::countPageTree. (CVE-2022-41842)
Missing bounds check in CFF font parser caused invalid memory access. (CVE-2022-41843)
PDF object loop in AcroForm::scanField. (CVE-2022-41844)
PDF object loop in Catalog::readPageLabelTree2. (CVE-2022-43071)
PDF object loop in Catalog::countPageTree. (CVE-2022-43295)
PDF object loop in Catalog::countPageTree. (CVE-2022-45586)
PDF object loop in Catalog::countPageTree. (CVE-2022-45587)
Divide-by-zero in Xpdf 4.04 due to bad color space object. (CVE-2023-2662)
PDF object loop in Catalog::readPageLabelTree2. (CVE-2023-2663)
PDF object loop in Catalog::readEmbeddedFileTree. (CVE-2023-2664)
Divide-by-zero in Xpdf 4.04 due to very large page size. (CVE-2023-3044)
Deadlock in Xpdf 4.04 due to PDF object stream references. (CVE-2023-3436)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30812
- http://www.xpdfreader.com/security-fixes.html
- https://www.cve.org/CVERecord?id=CVE-2022-30524
- https://www.cve.org/CVERecord?id=CVE-2022-30775
- https://www.cve.org/CVERecord?id=CVE-2022-33108
- https://www.cve.org/CVERecord?id=CVE-2022-36561
- https://www.cve.org/CVERecord?id=CVE-2022-38222
- https://www.cve.org/CVERecord?id=CVE-2022-38334
- https://www.cve.org/CVERecord?id=CVE-2022-38928
- https://www.cve.org/CVERecord?id=CVE-2022-41842
- https://www.cve.org/CVERecord?id=CVE-2022-41843
- https://www.cve.org/CVERecord?id=CVE-2022-41844
- https://www.cve.org/CVERecord?id=CVE-2022-43071
- https://www.cve.org/CVERecord?id=CVE-2022-43295
- https://www.cve.org/CVERecord?id=CVE-2022-45586
- https://www.cve.org/CVERecord?id=CVE-2022-45587
- https://www.cve.org/CVERecord?id=CVE-2023-2662
- https://www.cve.org/CVERecord?id=CVE-2023-2663
- https://www.cve.org/CVERecord?id=CVE-2023-2664
- https://www.cve.org/CVERecord?id=CVE-2023-3044
- https://www.cve.org/CVERecord?id=CVE-2023-3436

SRPMS:
- 9/core/xpdf-4.05-1.mga9

Newly released xpdf updates for Mageia resolve various security vulnerabilities, including improper memory access and potential integer overflows.

Severity: Important. LinuxSecurity.com Team

Feb 10, 2024 Important Mageia

Slackware 15.0: 2024-040-01 Critical: Xpdf Security Update

New xpdf packages are available for Slackware 15.0 and -current to fix security issues.

[slackware-security] xpdf (SSA:2024-040-01)

New xpdf packages are available for Slackware 15.0 and -current to
fix security issues.

Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/xpdf-4.05-i586-1_slack15.0.txz: Upgraded.
  This update fixes security issues:
  Fixed a bug in the ICCBased color space parser that was allowing the number
  of components to be zero. Thanks to huckleberry for the bug report.
  Fixed a bug in the ICCBased color space parser that was allowing the number
  of components to be zero. Thanks to huckleberry for the bug report.
  Added checks for PDF object loops in AcroForm::scanField(),
  Catalog::readPageLabelTree2(), and Catalog::readEmbeddedFileTree().
  The zero-width character problem can also happen if the page size is very
  large -- that needs to be limited too, the same way as character position
  coordinates. Thanks to jlinliu for the bug report.
  Add some missing bounds check code in DCTStream. Thanks to Jiahao Liu for
  the bug report.
  Fix a deadlock when an object stream's length field is contained in another
  object stream. Thanks to Jiahao Liu for the bug report.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-2662
    https://www.cve.org/CVERecord?id=CVE-2023-2662
    https://www.cve.org/CVERecord?id=CVE-2018-7453
    https://www.cve.org/CVERecord?id=CVE-2018-16369
    https://www.cve.org/CVERecord?id=CVE-2022-36561
    https://www.cve.org/CVERecord?id=CVE-2022-41844
    https://www.cve.org/CVERecord?id=CVE-2023-2663
    https://www.cve.org/CVERecord?id=CVE-2023-2664
    https://www.cve.org/CVERecord?id=CVE-2023-3044
    https://www.cve.org/CVERecord?id=CVE-2023-3436
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xpdf-4.05-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xpdf-4.05-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/xpdf-4.05-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/xpdf-4.05-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 15.0 package:
f7667c53e498407c734c0aa48041b27c  xpdf-4.05-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
18ea58703d2516ecac8a126092297d99  xpdf-4.05-x86_64-1_slack15.0.txz

Slackware -current package:
20ccc8259c8b7d0c48c857e749766d5f  xap/xpdf-4.05-i586-1.txz

Slackware x86_64 -current package:
335e2ea6a54d540a95754c619b6a5e3b  xap/xpdf-4.05-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg xpdf-4.05-i586-1_slack15.0.txz

+-----+

Updated xpdf packages are now available for Slackware 15.0 and the -current branch, rectifying significant security vulnerabilities.

Severity: Critical. LinuxSecurity.com Team

Feb 09, 2024 Critical Slackware

Mageia 8: MGASA-2022-0320 Critical: Xpdf Integer Overflow Threat

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc. (CVE-2022-24106)

MGASA-2022-0320 - Updated xpdf packages fix security vulnerability

Publication date: 07 Sep 2022
URL: https://advisories.mageia.org/MGASA-2022-0320.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-24106, CVE-2022-24106, CVE-2022-38171

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc. (CVE-2022-24106)

Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc. (CVE-2022-24107)

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. (CVE-2022-38171)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30804
- http://www.xpdfreader.com/security-fixes.html
- https://www.cve.org/CVERecord?id=CVE-2022-24106
- https://www.cve.org/CVERecord?id=CVE-2022-24106
- https://www.cve.org/CVERecord?id=CVE-2022-38171

SRPMS:
- 8/core/xpdf-4.04-1.mga8

Revised Fedora xpdf modules address significant vulnerabilities tied to integer overflows and image handling defects.

Severity: Critical. LinuxSecurity.com Team

Sep 07, 2022 Critical Mageia

Mageia 7, 8: MGASA-2021-0112 Critical: Xpdf Heap Use After Free

In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font (CVE-2020-25725).

MGASA-2021-0112 - Updated xpdf packages fix security vulnerabilities

Publication date: 04 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0112.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2020-25725, CVE-2020-35376

In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font (CVE-2020-25725).

Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function (CVE-2020-35376).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28474
- https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/VLOYVJSM54IL6I5RY4QTJGRS7PIEG44X/
- https://www.cve.org/CVERecord?id=CVE-2020-25725
- https://www.cve.org/CVERecord?id=CVE-2020-35376

SRPMS:
- 8/core/xpdf-4.03-1.mga8
- 7/core/xpdf-4.03-1.mga7

A security enhancement for Xpdf resolves critical heap-use-after-free vulnerabilities in Mageia versions 7 and 8, following the latest patches. Ensure your system is secure.

Severity: Critical. LinuxSecurity.com Team

Mar 04, 2021 Critical Mageia