‘XPDF arbitrary Arbitrary Code Execution Vulnerabilities’
‘The information has been provided by Jonathan Brossard.
The original article can be found at: http://www.toucan-system.eu/advisories/tssa-2011-01.txt‘
* Xpdf versions up to 3.02pl5
* Xpdf version 3.02pl6
The linux version of xpdf is linked against t1lib, which is vulnerable to multiple vulnerabilities including off by ones, integer overflows and heap corruptions. At least one of those is exploitable and allows arbitrary code to be executed on the target machine when opening a specially crafted pdf file.
When parsing specially crafted Type 1 fonts, the t1lib library is subject to several memory corruption vulnerabilities.
Date Published: 28/03/2011
Last Update: 28/03/2011′