USN-48-1: xpdf, tetex-bin vulnerabilities

23 December 2004

xpdf, tetex-bin vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 4.10

Software Description

Details

A potential buffer overflow has been found in the xpdf viewer. An insufficient input validation could be exploited by an attacker providing a specially crafted PDF file which, when processed by xpdf, could result in abnormal program termination or the execution of attacker supplied program code with the user’s privileges.

The tetex-bin package contains the affected xpdf code to generate PDF output and process included PDF files, thus is vulnerable as well.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10
tetex-bin
xpdf-reader
xpdf-utils

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References