XPDF StreamPredictor Remote Heap Buffer Overflow Vulnerability

The 'xpdf' viewer is reportedly prone to a remote buffer-overflow vulnerability. This issue exists because the application fails to perform proper boundary checks before copying user-supplied data into process buffers. A remote attacker may execute arbitrary code in the context of a user running the application. As a result, the attacker can gain unauthorized access to the vulnerable computer.

This issue reportedly resides in the 'StreamPredictor::StreamPredictor' function in the 'xpdf/Stream.cc' file.

This issue is reported to affect xpdf 3.01, but earlier versions are likely prone to this vulnerability as well. Applications using embedded xpdf code may also be vulnerable.

The 'pdftohtml' utility also includes vulnerable versions of xpdf. This issue affects pdftohtml 0.36; earlier versions may also be affected.

The 'kpdf' viewer reportedly incorporates vulnerable xpdf code. This issue affects kpdf 0.5; other versions may also be affected.
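
The following is an added defensive example, not code from xpdf or from this advisory: it shows the kind of boundary check a stream-predictor constructor needs before sizing a row buffer from file-supplied values. The function names, parameter names (`width`, `n_comps`, `n_bits`) and the row layout are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: compute the size of one predictor row from values
 * read out of an untrusted file. Returns 0 and fills the outputs, or -1 if
 * the values are non-positive or the arithmetic would overflow an int. */
static int predictor_row_size(int width, int n_comps, int n_bits,
                              size_t *row_bytes, size_t *pix_bytes)
{
    if (width <= 0 || n_comps <= 0 || n_bits <= 0)
        return -1;
    /* n_comps * n_bits + 7 must be representable */
    if (n_comps > (INT_MAX - 7) / n_bits)
        return -1;
    int bits_per_pixel = n_comps * n_bits;
    /* width * bits_per_pixel + 7 must be representable */
    if (width > (INT_MAX - 7) / bits_per_pixel)
        return -1;
    int pix = (bits_per_pixel + 7) >> 3;          /* bytes per pixel, rounded up */
    int row = (width * bits_per_pixel + 7) >> 3;  /* bytes per row, rounded up */
    if (row > INT_MAX - pix)
        return -1;
    *pix_bytes = (size_t)pix;
    *row_bytes = (size_t)row + (size_t)pix;       /* assumed layout: pixel of padding + row */
    return 0;
}

/* Allocate a zeroed row buffer only after the size has been validated. */
static unsigned char *alloc_predictor_row(int width, int n_comps, int n_bits,
                                          size_t *row_bytes)
{
    size_t pix;
    if (predictor_row_size(width, n_comps, n_bits, row_bytes, &pix) != 0)
        return NULL;                              /* reject instead of under-allocating */
    return calloc(1, *row_bytes);
}

int main(void)
{
    size_t n = 0;
    /* Constructed sample values: one ordinary image row, one out-of-range row. */
    unsigned char *ok = alloc_predictor_row(100, 3, 8, &n);
    printf("100x3x8: %s (%zu bytes)\n", ok ? "allocated" : "rejected", n);
    free(ok);
    unsigned char *bad = alloc_predictor_row(INT_MAX, 4, 8, &n);
    printf("INT_MAX x4x8: %s\n", bad ? "allocated" : "rejected");
    free(bad);
    return 0;
}
```

The caller must treat a `NULL` return as a malformed stream and stop decoding, rather than continuing with a default buffer.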


