Security holes in many PDF components

Aug 02, 2007

Nils Magnus

A bug in the Xpdf 3.02 source code can cause the PDF viewer to crash. Programs that use Xpdf code are affected.

The bug, which has the CVE ID CVE-2007-3387 and is caused by incorrect memory allocation checking in the "StreamPredictor" class constructor. The security hole, which was discovered by Xpdf developer Derek Noonburg himself, would theoretically give an attacker the ability to run code with the privileges of the user running the program. However, a PDF document capable of executing malicious code is unknown at the present

The developers advise users to update PDF Viewer and any programs containing Xpdf code. Candidates include various KDE components such as Kpdf and Koffice. The Gnome desktop environment with its Poppler PDF library is also affected. The KDE project has published source code patches, and several Linux distributions have already built updated packages.

Related content

Security Issues in Xpdf Make Waves

In the past, security bugs in the Xpdf PDF viewer have endangered Linux systems time and again, and projects that use Xpdf code are also affected.

more »
Webconverger 4.7 with Firewall and Adobe Reader

Webconverger, a Linux distro to drive web kiosk systems, is now available in version 4.7. Some updates improve its security.

more »
Fix for Security Hole in Android G1

In one fell swoop and with an automatically distributed patch, Google and T-Mobile fixed a problem with the G1 mobile phone whereby users could access root privileges and possibly raise all kinds of havoc.

more »
Relaxed Flash: Blitzableiter Checks for Malicious Flash Files

On stimulus from the German Federal Agency for Information Security (BSI), Felix "FX" Lindner of the Phenoelit hacker group investigated the security of Flash object code. The result is a free protection program with the name Blitzableiter ("lightning rod").

more »
Poppler PDF library learns Javascript

Poppler, a library for rendering PDF data, was released in its developer version as 0.9.0. For the first time it enables interactive documents using Javascript.

more »

comments powered by Disqus

Issue 262/2022

Buy this issue as a PDF

Digital Issue: Price $12.99

(incl. VAT)

News

Kali Linux 2022.3 Released

From the creators of the most popular penetration testing distributions on the planet, comes a new release with some new tools and a community, real-time chat option.
The 14" Pinebook Pro Linux Laptop is Shipping

After a considerable delay, the 14" version of the Pinebook Pro laptop is, once again, available for purchase.
OpenMandriva Lx ROME Technical Preview Released

OpenMandriva’s rolling release distribution technical preview has been released for testing purposes and adds some of the latest/greatest software into the mix.
Linux Mint 21 is Now Available

Linux mint , Linux Mint

The latest iteration of Linux Mint, codenamed Vanessa, has been released with a new upgrade tool and other fantastic features.
Firefox Adds Long-Anticipated Feature

Firefox 103 has arrived and it now includes a feature users have long awaited…sort of.
System76 Refreshes Their Popular Oryx Pro Laptop with a New CPU

The System76 Oryx Pro laptop has been relaunched with a 12th Gen CPU and more powerful graphics options.
Elive Has Released a New Beta

The Elive team is proud to announce the latest beta version (3.8.30) of its Enlightenment-centric Linux distribution.
Rocky Linux 9 Has Arrived

The latest iteration of Rocky Linux is now available and includes a host of new features and support for new architecture.
Slimbook Executive Linux Ultrabook Upgrading Their CPUs

The Spanish-based company, Slimbook, has made available their next generation Slimbook Executive Linux ultrabooks with a 12th Gen Intel Alder Lake CPU.
Fedora Linux is Coming to the Raspberry Pi 4

Thanks to significant work in the upstream, the upcoming release of Fedora 37 will introduce support for the Raspberry Pi 4.

Security holes in many PDF components

Related content

Issue 262/2022

Buy this issue as a PDF

News

Tag Cloud