A buffer overflow has been found in the xpdf viewer. An insufficient input validation of the encryption key length could be exploited by an attacker providing a specially crafted PDF file which, when processed by xpdf, could result in abnormal program termination or the execution of attacker supplied program code with the user’s privileges.
The Common UNIX Printing System (CUPS) uses the same code to print PDF files. In this case, this bug could be exploited to gain the privileges of the CUPS print server (by default, user cupsys).
19 January 2005
A security issue affects these releases of Ubuntu and its derivatives:
A buffer overflow has been found in the xpdf viewer. An insufficient input validation of the encryption key length could be exploited by an attacker providing a specially crafted PDF file which, when processed by xpdf, could result in abnormal program termination or the execution of attacker supplied program code with the user’s privileges.
The Common UNIX Printing System (CUPS) uses the same code to print PDF files. In this case, this bug could be exploited to gain the privileges of the CUPS print server (by default, user cupsys).
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
Vulmon