Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Red Hat Local Security Checks --> Category: infos

RHSA-2002-307: xpdf Vulnerability Scan

Vulnerability Scan Summary
Check for the version of the xpdf packages

Detailed Explanation for this Vulnerability Test

Updated Xpdf packages are available to fix a vulnerability where a
malicious PDF document could run arbitrary code.

[Updated 06 Feb 2003]
Added fixed packages for Advanced Workstation 2.1

Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files.

During an audit of CUPS, a printing system, Zen Parsec found an integer
overflow vulnerability in the pdftops filter. Since the code for pdftops
is taken from the Xpdf project, all versions of Xpdf including 2.01 are
also vulnerable to this issue. A possible hacker could create a malicious PDF
file that would execute arbitrary code as the user who used Xpdf to view

All users of Xpdf are advised to upgrade to these errata packages which
contain a patch to correct this issue.

Solution :
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.