XPDF DCTStream Progressive Remote Heap Buffer Overflow Vulnerability

The 'xpdf' utility is reported prone to a remote buffer-overflow vulnerability. This issue exists because the application fails to perform proper boundary checks before copying user-supplied data into process buffers. A remote attacker may execute arbitrary code in the context of a user running the application. As a result, the attacker can gain unauthorized access to the vulnerable computer.

Reportedly, this issue presents itself in the 'DCTStream::readProgressiveSOF' function residing in the 'xpdf/Stream.cc' file.

This issue is reported to affect xpdf 3.01, but earlier versions are likely vulnerable as well. Applications using embedded xpdf code may also be vulnerable.

The 'pdftohtml' utility also includes vulnerable versions of xpdf. This issue affects pdftohtml 0.36; earlier versions may also be affected.

The 'kpdf' utility reportedly incorporates vulnerable xpdf code. This issue affects kpdf 0.5; other versions may also be affected.
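
The following C example is added here and is not xpdf's code or part of the original advisory. It shows the kind of boundary check the advisory describes as missing, applied to a JPEG start-of-frame (SOF) segment like the one a progressive DCT decoder reads before filling fixed-size tables. The advisory does not say which field goes unchecked; `parse_sof`, `MAX_COMPS`, the structs and the sample bytes are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_COMPS 4 /* assumed capacity of the fixed component table */

struct comp  { uint8_t id, hsamp, vsamp, qtable; };
struct frame { uint16_t width, height; uint8_t ncomps; struct comp comps[MAX_COMPS]; };

/* Constructed samples: SOF body after the marker (Lf, P, Y, X, Nf, components). */
static const uint8_t sof_ok[17]  = { 0x00,0x11, 8, 0x00,0x10, 0x00,0x20, 3,
                                     1,0x22,0, 2,0x11,1, 3,0x11,1 };
static const uint8_t sof_bad[17] = { 0x00,0x11, 8, 0x00,0x10, 0x00,0x20, 200,
                                     1,0x22,0, 2,0x11,1, 3,0x11,1 };

/* Returns 0 on success, -1 when a length, count or field is out of range. */
int parse_sof(const uint8_t *seg, size_t avail, struct frame *out)
{
    if (avail < 8)
        return -1;                       /* fixed fields are missing */
    size_t seglen = ((size_t)seg[0] << 8) | seg[1];
    unsigned n = seg[7];
    if (seglen > avail)
        return -1;                       /* declared length exceeds the input */
    if (n == 0 || n > MAX_COMPS)
        return -1;                       /* count would overrun comps[] */
    if (seglen != 8 + 3 * (size_t)n)
        return -1;                       /* count and length disagree */
    out->height = (uint16_t)((seg[3] << 8) | seg[4]);
    out->width  = (uint16_t)((seg[5] << 8) | seg[6]);
    out->ncomps = (uint8_t)n;
    for (unsigned i = 0; i < n; i++) {
        const uint8_t *c = seg + 8 + 3 * i;
        struct comp *d = &out->comps[i];
        d->id = c[0]; d->hsamp = c[1] >> 4; d->vsamp = c[1] & 0x0f; d->qtable = c[2];
        if (d->hsamp < 1 || d->hsamp > 4 || d->vsamp < 1 || d->vsamp > 4 || d->qtable > 3)
            return -1;                   /* JPEG limits: H,V in 1..4, Tq in 0..3 */
    }
    return 0;
}

int main(void)
{
    struct frame f;
    return (parse_sof(sof_ok, sizeof sof_ok, &f) == 0 &&
            parse_sof(sof_bad, sizeof sof_bad, &f) == -1) ? 0 : 1;
}
```

Every count read from the file is compared with the capacity of the destination array and with the declared segment length before any element is written, so a file-controlled count can never drive a write past `comps[]`.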

Copyright 2010, SecurityFocus