|
|
Family: Red Hat Local Security Checks --> Category: infos
RHSA-2002-307: xpdf Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the xpdf packages
Detailed Explanation for this Vulnerability Test
Updated Xpdf packages are available to fix a vulnerability where a
malicious PDF document could run arbitrary code.
[Updated 06 Feb 2003]
Added fixed packages for Advanced Workstation 2.1
Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files.
During an audit of CUPS, a printing system, Zen Parsec found an integer
overflow vulnerability in the pdftops filter. Since the code for pdftops
is taken from the Xpdf project, all versions of Xpdf including 2.01 are
also vulnerable to this issue. A possible hacker could create a malicious PDF
file that would execute arbitrary code as the user who used Xpdf to view
it.
All users of Xpdf are advised to upgrade to these errata packages which
contain a patch to correct this issue.
Solution : http://rhn.redhat.com/errata/RHSA-2002-307.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
