According to a report from Red Hat, two vulnerabilities in the free PDF reader Xpdf can be exploited via manipulated PDF documents to compromise a victim's system. The flaws are reportedly due to an uninitialised pointer and an array index error.
These problems extend to a number of applications that use the Xpdf code, including, poppler, CUPS, gPDF and KPDF. However, Red Hat hasn't released specific information about affected versions. Whether the document viewer Evince, which relies on poppler, is also affected is unknown.

The link for this article located at H Security is no longer available.