DSA-1548 xpdf -- several vulnerabilitiesID: oval:org.mitre.oval:def:7493 | Date: (C)2009-12-15 (M)2023-02-13 |
Class: PATCH | Family: unix |
Kees Cook discovered a vulnerability in xpdf, a set of tools for display and conversion of Portable Document Format (PDF) files. The Common Vulnerabilities and Exposures project identifies the following problem: Xpdf"s handling of embedded fonts lacks sufficient validation and type checking. If a maliciously crafted PDF file is opened, the vulnerability may allow the execution of arbitrary code with the privileges of the user running xpdf.