A potential buffer overflow has been found in the xpdf viewer. An insufficient input validation could be exploited by an attacker providing a specially crafted PDF file which, when processed by xpdf, could result in abnormal program termination or the execution of attacker supplied program code with the user’s privileges.
The tetex-bin package contains the affected xpdf code to generate PDF output and process included PDF files, thus is vulnerable as well.
23 December 2004
A security issue affects these releases of Ubuntu and its derivatives:
A potential buffer overflow has been found in the xpdf viewer. An insufficient input validation could be exploited by an attacker providing a specially crafted PDF file which, when processed by xpdf, could result in abnormal program termination or the execution of attacker supplied program code with the user’s privileges.
The tetex-bin package contains the affected xpdf code to generate PDF output and process included PDF files, thus is vulnerable as well.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
Vulmon