Security holes in many PDF components

Aug 02, 2007

Nils Magnus

A bug in the Xpdf 3.02 source code can cause the PDF viewer to crash. Programs that use Xpdf code are affected.

The bug, which has the CVE ID CVE-2007-3387 and is caused by incorrect memory allocation checking in the "StreamPredictor" class constructor. The security hole, which was discovered by Xpdf developer Derek Noonburg himself, would theoretically give an attacker the ability to run code with the privileges of the user running the program. However, a PDF document capable of executing malicious code is unknown at the present

The developers advise users to update PDF Viewer and any programs containing Xpdf code. Candidates include various KDE components such as Kpdf and Koffice. The Gnome desktop environment with its Poppler PDF library is also affected. The KDE project has published source code patches, and several Linux distributions have already built updated packages.

Related content

Security Issues in Xpdf Make Waves

In the past, security bugs in the Xpdf PDF viewer have endangered Linux systems time and again, and projects that use Xpdf code are also affected.

more »
Webconverger 4.7 with Firewall and Adobe Reader

Webconverger, a Linux distro to drive web kiosk systems, is now available in version 4.7. Some updates improve its security.

more »
Fix for Security Hole in Android G1

In one fell swoop and with an automatically distributed patch, Google and T-Mobile fixed a problem with the G1 mobile phone whereby users could access root privileges and possibly raise all kinds of havoc.

more »
Relaxed Flash: Blitzableiter Checks for Malicious Flash Files

On stimulus from the German Federal Agency for Information Security (BSI), Felix "FX" Lindner of the Phenoelit hacker group investigated the security of Flash object code. The result is a free protection program with the name Blitzableiter ("lightning rod").

more »
Poppler PDF library learns Javascript

Poppler, a library for rendering PDF data, was released in its developer version as 0.9.0. For the first time it enables interactive documents using Javascript.

more »

comments powered by Disqus

Issue 268/2023

Buy this issue as a PDF

Digital Issue: Price $12.99

(incl. VAT)

Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Find SysAdmin Jobs

News

LibreOffice 7.5 has Arrived and is Loaded with New Features and Improvements

The favorite office suite of the Linux community has a new release that includes some visual refreshing and new features across all modules.
The Next Major Release of Elementary OS Has Arrived

It's been over a year since the developers of elementary OS released version 6.1 (Jólnir) but they've finally made their latest release (Horus) available with a renewed focus on the user.
KDE Plasma 5.27 Beta Is Ready for Testing

The latest beta iteration of the KDE Plasma desktop is now available and includes some important additions and fixes.
Netrunner OS 23 Is Now Available

The latest version of this Linux distribution is now based on Debian Bullseye and is ready for installation and finally hits the KDE 5.20 branch of the desktop.
New Linux Distribution Built for Gamers

With a Gnome desktop that offers different layouts and a custom kernel, PikaOS is a great option for gamers of all types.
System76 Beefs Up Popular Pangolin Laptop

The darling of open-source-powered laptops and desktops will soon drop a new AMD Ryzen 7-powered version of their popular Pangolin laptop.
Nobara Project Is a Modified Version of Fedora with User-Friendly Fixes

If you're looking for a version of Fedora that includes third-party and proprietary packages, look no further than the Nobara Project.
Gnome 44 Now Has a Release Date

Gnome 44 will be officially released on March 22, 2023.
Nitrux 2.6 Available with Kernel 6.1 and a Major Change

The developers of Nitrux have officially released version 2.6 of their Linux distribution with plenty of new features to excite users.
Vanilla OS Initial Release Is Now Available

A stock GNOME experience with on-demand immutability finally sees its first production release.