Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200602-04] Xpdf, Poppler: Heap overflow Vulnerability Scan
Vulnerability Scan Summary Xpdf, Poppler: Heap overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200602-04
(Xpdf, Poppler: Heap overflow)
Dirk Mueller has reported a vulnerability in Xpdf. It is caused by
a missing boundary check in the splash rasterizer engine when handling
PDF splash images with overly large dimensions.
Impact
By sending a specially crafted PDF file to a victim, an attacker
could cause an overflow, potentially resulting in the execution of
arbitrary code with the rights of the user running the application.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0301
Solution:
All Xpdf users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/xpdf-3.01-r7"
All Poppler users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/poppler-0.5.0-r4"
Threat Level: Medium