Security holes in many PDF components

Aug 02, 2007

Nils Magnus

A bug in the Xpdf 3.02 source code can cause the PDF viewer to crash. Programs that use Xpdf code are affected.

The bug, which has the CVE ID CVE-2007-3387 and is caused by incorrect memory allocation checking in the "StreamPredictor" class constructor. The security hole, which was discovered by Xpdf developer Derek Noonburg himself, would theoretically give an attacker the ability to run code with the privileges of the user running the program. However, a PDF document capable of executing malicious code is unknown at the present

The developers advise users to update PDF Viewer and any programs containing Xpdf code. Candidates include various KDE components such as Kpdf and Koffice. The Gnome desktop environment with its Poppler PDF library is also affected. The KDE project has published source code patches, and several Linux distributions have already built updated packages.

Related content

Security Issues in Xpdf Make Waves

In the past, security bugs in the Xpdf PDF viewer have endangered Linux systems time and again, and projects that use Xpdf code are also affected.

more »
Webconverger 4.7 with Firewall and Adobe Reader

Webconverger, a Linux distro to drive web kiosk systems, is now available in version 4.7. Some updates improve its security.

more »
Fix for Security Hole in Android G1

In one fell swoop and with an automatically distributed patch, Google and T-Mobile fixed a problem with the G1 mobile phone whereby users could access root privileges and possibly raise all kinds of havoc.

more »
Relaxed Flash: Blitzableiter Checks for Malicious Flash Files

On stimulus from the German Federal Agency for Information Security (BSI), Felix "FX" Lindner of the Phenoelit hacker group investigated the security of Flash object code. The result is a free protection program with the name Blitzableiter ("lightning rod").

more »
Poppler PDF library learns Javascript

Poppler, a library for rendering PDF data, was released in its developer version as 0.9.0. For the first time it enables interactive documents using Javascript.

more »

comments powered by Disqus

Issue 242/2021

Buy this issue as a PDF

Digital Issue: Price $12.99

(incl. VAT)

News

Patreon Project Looks to Bring Linux to Apple Silicon

Developer Hector Martin has created a patreon page to fund his work on developing a port of Linux for Apple Silicon Macs.
A New Chrome OS-Like Ubuntu Remix is Now Available

Ubuntu Web looks to be your Chrome OS alternative.
System76 Refreshes the Galago Pro Laptop

Linux hardware maker has revamped one of their most popular laptops.
Dell Will Soon Enable Privacy Controls for Linux Hardware

Dell makes it possible for Linux users to disable webcams and microphones.
Linux Mint Unveils New Packages

Community , Linux

The Linux Mint team has announced it'll bring an official Chromium package to the distribution
Pop!_OS 20.10 Now Supports DEB822 Format

The Linux distribution from System 76 has converted over to the friendlier apt format.
Ubuntu 20.10 Now Supports Raspberry Pi

Ubuntu 20.10 is the first release from Canonical to support the Raspberry Pi single board computer.
A New Linux Distribution has been Released

Emperor-OS is a new Linux distribution focused on programming, developing, and data science.
Ubuntu Groovy Gorilla Beta Available

Ubuntu

The beta version for Ubuntu’s latest release is now available for testing.
Microsoft is Finally Set to Release Edge Browser for Linux

Chromium-based MS Edge browser will soon be available for testing on Linux.

Security holes in many PDF components

Related content

Issue 242/2021

Buy this issue as a PDF

News

Tag Cloud