XPDF DoImage Remote Buffer Overflow Vulnerability

The xpdf utility is reported prone to a remote buffer-overflow vulnerability. This issue exists because the applications fails to perform proper boundary checks before copying user-supplied data into process buffers. A remote attacker may execute arbitrary code in the context of a user running the application. As a result, the attacker can gain unauthorized access to the vulnerable computer.

An attacker can exploit this issue by enticing a vulnerable user to open a malformed PDF file. If the application is configured as the default handler for PDF files, this could present a viable web or email attack vector, because when the PDF is clicked from an appropriate client application, xpdf will automatically be invoked.

This issue is reported to affect xpdf 3.00, but earlier versions are likely prone to this vulnerability as well. Applications using embedded xpdf code may be vulnerable to these issues as well.


Privacy Statement
Copyright 2010, SecurityFocus