[Linux-users] Xpdf -- Multiple Integer Overflow Vulnerabilities

Arne Freyberger freyberg at jlab.org
Mon Oct 19 16:00:06 EDT 2009 

Can we now go back to postscript files as a lab standard?
Arne

On 10/19/2009 03:57 PM, Robert Lukens wrote:
> FYI.
>
> -------- Original Message --------
> Subject: DOE-CIRC BULLETIN T-252: Xpdf Multiple Integer Overflow
> Vulnerabilities
> Date: Fri, 16 Oct 2009 08:09:09 -0700
> From: DOE-CIRC Henry Hutson<henry.hutson at doecirc.energy.gov>
> To: doe-circ_notices at doecirc.energy.gov
>
> This mailbox is for distribution purposes only; it is not monitored and
> replies will not be read.  Please contact the DOE-CIRC at
> doecirc at doecirc.energy.gov or 1-866-941-2472 if you are in need of
> assistance
>
>
>               __________________________________________________________
>
>                             The U.S. Department of Energy
>                          Cyber Incident Response Capability
>               __________________________________________________________
>
>                                TECHNICAL BULLETIN
>                    Xpdf Multiple Integer Overflow Vulnerabilities
>
> Oct. 16, 2009 14:00 GMT                                   Number DOECIRC
> T-252
> ______________________________________________________________________________
> PROBLEM:  	Several vulnerabilities were reported in Xpdf. A remote user
>                  can cause arbitrary code to be executed on the target
> user's
>                  system.
>
> PLATFORM: 	Xpdf 3.0 pl3 and all previous editions
>
> ABSTRACT: 	A remote user can create a specially crafted PDF file that,
>                  when loaded by the target user, will trigger an integer
>                  overflow and execute arbitrary code on the target
> system. The
>                  code will run with the privileges of the target user.
> ______________________________________________________________________________
> LINKS:
>
> DOE-CIRC BULLETIN:  http://www.doecirc.energy.gov/bulletins/t-252.shtml
>
>    
>
>
> _______________________________________________
> Linux-users mailing list
> Linux-users at jlab.org
> https://mailman.jlab.org/mailman/listinfo/linux-users


-- 
Arne Freyberger
Director Operations Department
Jefferson Lab           Phone: (757) 269-6268
12000 Jefferson Avenue  Pager: (757) 584-6268
Newport News, VA 23606  Email:  freyberg at jlab.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://mailman.jlab.org/pipermail/linux-users/attachments/20091019/750925e6/attachment.html

More information about the Linux-users mailing list