Critical vulnerability in libpoppler PDF rendering library
The Open Source Computer Emergency Response Team (oCERT) has warned of a critical vulnerability in the open source PDF rendering library libpoppler. The library, which arose as a fork of xpdf 3.0, is used by PDF viewers including Evince, ePDFView and Okular. A memory management error when initialising the pageWidget object makes it possible to inject code into a system using crafted PDF files and execute that code with the user's privileges.
All versions up to and including 0.8.4 are vulnerable. A source code patch to fix the problem is available. Some Linux distributors have already released updated packages. An official libpoppler update is scheduled for the end of July.
See also:
- libpoppler uninitialized pointer, Advisory from oCERT
- Poppler <= 0.8.4 libpoppler uninitialized pointer Code Execution PoC, Report from Felipe Andres Manzano
(trk)