Xpdf Multiple Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in Xpdf, which could be exploited by attackers to compromise a vulnerable system.
1. Multiple integer overflows in "SplashBitmap::SplashBitmap()" can be exploited to cause heap-based buffer overflows.
2. An integer overflow error in "ObjectStream::ObjectStream()" can be exploited to cause a heap-based buffer overflow.
3. Multiple integer overflows in "Splash::drawImage()" can be exploited to cause heap-based buffer overflows.
4. An integer overflow error in "PSOutputDev::doImageL1Sep()" can be exploited to cause a heap-based buffer overflow when converting a PDF document to a PS file.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code by tricking a user into opening a specially crafted PDF file.
NOTE: An integer overflow error in "ImageStream::ImageStream()" which results in a crash has also been reported.
Impact
- Remote Code Execution
System / Technologies affected
- Xpdf prior to 3.02pl4
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Apply vendor patch:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch
Vulnerability Identifier
Source
Related Link
Share with