Security holes in many PDF components

Aug 02, 2007

Nils Magnus

A bug in the Xpdf 3.02 source code can cause the PDF viewer to crash. Programs that use Xpdf code are affected.

The bug, which has the CVE ID CVE-2007-3387 and is caused by incorrect memory allocation checking in the "StreamPredictor" class constructor. The security hole, which was discovered by Xpdf developer Derek Noonburg himself, would theoretically give an attacker the ability to run code with the privileges of the user running the program. However, a PDF document capable of executing malicious code is unknown at the present

The developers advise users to update PDF Viewer and any programs containing Xpdf code. Candidates include various KDE components such as Kpdf and Koffice. The Gnome desktop environment with its Poppler PDF library is also affected. The KDE project has published source code patches, and several Linux distributions have already built updated packages.

Related content

Security Issues in Xpdf Make Waves

In the past, security bugs in the Xpdf PDF viewer have endangered Linux systems time and again, and projects that use Xpdf code are also affected.

more »
Webconverger 4.7 with Firewall and Adobe Reader

Webconverger, a Linux distro to drive web kiosk systems, is now available in version 4.7. Some updates improve its security.

more »
Fix for Security Hole in Android G1

In one fell swoop and with an automatically distributed patch, Google and T-Mobile fixed a problem with the G1 mobile phone whereby users could access root privileges and possibly raise all kinds of havoc.

more »
Relaxed Flash: Blitzableiter Checks for Malicious Flash Files

On stimulus from the German Federal Agency for Information Security (BSI), Felix "FX" Lindner of the Phenoelit hacker group investigated the security of Flash object code. The result is a free protection program with the name Blitzableiter ("lightning rod").

more »
Poppler PDF library learns Javascript

Poppler, a library for rendering PDF data, was released in its developer version as 0.9.0. For the first time it enables interactive documents using Javascript.

more »

comments powered by Disqus

Issue 252/2021

Buy this issue as a PDF

Digital Issue: Price $12.99

(incl. VAT)

News

Fedora 35 is Shaping Up to Be an Impressive Release

fedora , Fedora

Although the beta version of Fedora’s upcoming release is behind schedule, the Linux distribution is still slotted for October and will include numerous bug fixes and some exciting new features.
Canonical Extends Support For Ubuntu 14.04 and 16.04

The company behind Ubuntu offered a much-needed lifeline to those who still depend on older versions of the open-source operating system.
GNOME 41 Has Arrived

The latest version of the GNOME desktop environment has been released with new functionality and plenty of improvements.
System76 Updates the 15" Pangolin with Ryzen

System76 announced they’re updating the Ryzen-powered Pangolin laptop to meet today’s need for more power.
KDE Plasma 5.23 Promises Plenty of Subtle Improvements

The next release of the KDE Plasma desktop includes new features, numerous improvements, and plenty of bug fixes.
GNOME 41 Beta is Now Available

The most popular open-source desktop environment is on the cusp of yet another new release, but don’t expect the massive changes found in the previous iteration.
Debian 11 “Bullseye” Now Available

The developers of Debian have released the latest version of the operating system so many distributions depend on.
Elementary OS 6 Odin Now Available

The developers of elementary OS have released their latest iteration which is all-in on Flatpaks and all about the user experience.
Kubuntu Focus Team Announces High-Performance Focus XE

The team behind the KDE-powered Linux laptops is now offering an ultra-portable laptop that doesn't skimp on performance.
Solus 4.3 Available for Download and Installation

The latest iteration from the Solus developers is out with kernel 5.13 and plenty of new features, bug fixes, and new hardware support.

Security holes in many PDF components

Related content

Issue 252/2021

Buy this issue as a PDF

News

Tag Cloud