[Linux-users] Xpdf -- Multiple Integer Overflow Vulnerabilities
Robert Lukens
rlukens at jlab.org
Mon Oct 19 15:57:48 EDT 2009
FYI.
-------- Original Message --------
Subject: DOE-CIRC BULLETIN T-252: Xpdf Multiple Integer Overflow Vulnerabilities
Date: Fri, 16 Oct 2009 08:09:09 -0700
From: DOE-CIRC Henry Hutson <henry.hutson at doecirc.energy.gov>
To: doe-circ_notices at doecirc.energy.gov
This mailbox is for distribution purposes only; it is not monitored and
replies will not be read. Please contact the DOE-CIRC at
doecirc at doecirc.energy.gov or 1-866-941-2472 if you are in need of
assistance.
__________________________________________________________
The U.S. Department of Energy
Cyber Incident Response Capability
__________________________________________________________
TECHNICAL BULLETIN
Xpdf Multiple Integer Overflow Vulnerabilities
Oct. 16, 2009 14:00 GMT    Number DOECIRC T-252
______________________________________________________________________________
PROBLEM: Several vulnerabilities were reported in Xpdf. A remote user
can cause arbitrary code to be executed on the target user's system.
PLATFORM: Xpdf 3.0 pl3 and all previous editions
ABSTRACT: A remote user can create a specially crafted PDF file that,
when loaded by the target user, will trigger an integer overflow and
execute arbitrary code on the target system. The code will run with
the privileges of the target user.
______________________________________________________________________________
LINKS:
DOE-CIRC BULLETIN: http://www.doecirc.energy.gov/bulletins/t-252.shtml