Updated Xpdf packages are now available that fix a vulnerability in which a maliciously-crafted pdf document could run arbitrary code.
Xpdf is a viewer for Portable Document Format (PDF) files. During an audit of CUPS, a printing system, Zen Parsec found an integer overflow vulnerability in the pdftops filter. Since the code for pdftops is taken from the Xpdf project, all versions of Xpdf including 2.01 are also vulnerable to this issue. An attacker could create a PDF file that could execute arbitrary code. This could would have the same access privileges as the user who viewed the file with Xpdf. All users of Xpdf are advised to upgrade to these erratum packages. For Red Hat Linux 8.0 we have included new packages based on Xpdf 1.01 with a patch to correct this issue. For Red Hat Linux 7.0, 7.1, 7.2, and 7.3 we have upgraded Xpdf to version 1.00 with a patch to correct this issue. For Red Hat Linux 6.2 we have upgraded Xpdf to version 0.92 with a patch to correct this issue.