Comment 3 for bug 12059

In , Martin Schulze (joey-infodrom) wrote : Re: Bug#291266: vulnerable to CAN-2005-0064

Joey Hess wrote:
> xpdf is vulnerable to a buffer overflow that can be exploited by
> malicious pdfs to execute arbitrary code. The hole is described here:
> http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities&flashstatus=false
>
> I've attached a patch that adds bounds checking to close the hole.

For the unstable distribution (sid) this problem has been fixed in
version 3.00-12.

It's in Incoming already.

Just FYI.

Regards,

 Joey

--
Ten years and still binary compatible. -- XFree86

Please always Cc to me when replying to me on the lists.