Updated Xpdf packages are available that fix a vulnerability where a malicious PDF document could run arbitrary code. [Updated 16 July 2003] Updated packages are now available, as the original errata packages did not fix all possible ways of exploiting this vulnerability.
Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Martyn Gilmore discovered a flaw in various PDF viewers and readers. An attacker can embed malicious external-type hyperlinks that, if activated or followed by a victim, can execute arbitrary shell commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0434 to this issue. All users of Xpdf are advised to upgrade to these errata packages, which contain a backported security patch that corrects this issue.