Xpdf is "an open source viewer for Portable Document Format (PDF) files. (These are also sometimes also called 'Acrobat' files, from the name of Adobe's PDF software.) The Xpdf project also includes a PDF text extractor, PDF-to-PostScript converter, and various other utilities." Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system.
Vulnerable Systems:
* Xpdf version 3.02 with xpdf-3.02pl1.patch
1) An array indexing error within the "DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc can be exploited to corrupt memory via a specially crafted PDF file.
2) An integer overflow error within the "DCTStream::reset()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.
3) A boundary error within the "CCITTFaxStream::lookChar()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow by tricking a user into opening a PDF file containing a specially crafted "CCITTFaxDecode" filter.
Successful exploitation may allow execution of arbitrary code.
Time Table:
17/10/2007 - Vendor notified.
22/10/2007 - vendor-sec notified.
19/10/2007 - Vendor response.
07/11/2007 - Public disclosure.
