Rapid7 Vulnerability & Exploit Database

RHSA-2003:037: Updated Xpdf packages fix security vulnerability

Severity: 7
CVSS: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published: 01/02/2003
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

Updated Xpdf packages are now available that fix a vulnerability in which a maliciously crafted PDF document could run arbitrary code.

Xpdf is a viewer for Portable Document Format (PDF) files. During an audit of CUPS, a printing system, Zen Parsec found an integer overflow vulnerability in the pdftops filter. Since the code for pdftops is taken from the Xpdf project, all versions of Xpdf including 2.01 are also vulnerable to this issue. An attacker could create a PDF file that could execute arbitrary code. This code would have the same access privileges as the user who viewed the file with Xpdf.

All users of Xpdf are advised to upgrade to these erratum packages. For Red Hat Linux 8.0 we have included new packages based on Xpdf 1.01 with a patch to correct this issue. For Red Hat Linux 7.0, 7.1, 7.2, and 7.3 we have upgraded Xpdf to version 1.00 with a patch to correct this issue. For Red Hat Linux 6.2 we have upgraded Xpdf to version 0.92 with a patch to correct this issue.

Solution(s)

  • redhat-upgrade-xpdf
  • redhat-upgrade-xpdf-chinese-simplified
  • redhat-upgrade-xpdf-chinese-traditional
  • redhat-upgrade-xpdf-japanese
  • redhat-upgrade-xpdf-korean
