|
|
|
| Digg |
|
|
|
A bug in the Xpdf 3.02 source code can cause the PDF viewer to crash. Programs that use Xpdf code are affected.
The bug, which has the CVE ID CVE-2007-3387 and is caused by incorrect memory allocation checking in the "StreamPredictor" class constructor. The security hole, which was discovered by Xpdf developer Derek Noonburg himself, would theoretically give an attacker the ability to run code with the privileges of the user running the program. However, a PDF document capable of executing malicious code is unknown at the present
The developers advise users to update PDF Viewer and any programs containing Xpdf code. Candidates include various KDE components such as Kpdf and Koffice. The Gnome desktop environment with its Poppler PDF library is also affected. The KDE project has published source code patches, and several Linux distributions have already built updated packages.
|
|
|
| ApacheCon US video archive |
|---|
|
All about Apache in 19 talks Watch 19 talks from the ApacheCon US in New Orleans from the convenience of your home or office. Topics are: Scaling Apache 2.x in all dimensions, Securing Communications with your Apache HTTP Server, Scripting your Java Application with BSF 3.0 and much more. |
Comments