Joey Hess wrote: > xpdf is vulnerable to a buffer overflow that can be exploited by > malicious pdfs to execute arbitrary code. The hole is described here: > http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities&flashstatus=false > > I've attached a patch that adds bounds checking to close the hole.
For the unstable distribution (sid) this problem has been fixed in version 3.00-12.
It's in Incoming already.
Just FYI.
Regards,
Joey
-- Ten years and still binary compatible. -- XFree86
Please always Cc to me when replying to me on the lists.
Joey Hess wrote: www.idefense. com/application /poi/display? id=186& type=vulnerabil ities&flashstat us=false
> xpdf is vulnerable to a buffer overflow that can be exploited by
> malicious pdfs to execute arbitrary code. The hole is described here:
> http://
>
> I've attached a patch that adds bounds checking to close the hole.
For the unstable distribution (sid) this problem has been fixed in
version 3.00-12.
It's in Incoming already.
Just FYI.
Regards,
Joey
--
Ten years and still binary compatible. -- XFree86
Please always Cc to me when replying to me on the lists.