First published: Wed Apr 15 2009
An invalid free() flaw was found in xpdf's JBIG2 decoder. If a malicious PDF file could cause free() to be called on attacker-controlled data, it may be possible to execute arbitrary code with the permissions of the user running xpdf. Will Dormann of the CERT/CC created the extensive test suite for the JBIG2 decoder in various PDF libraries that found this flaw.

Acknowledgements: Red Hat would like to thank Will Dormann of the CERT/CC for responsibly reporting this flaw.
Affected Software | Affected Version | How to fix |
---|---|---|
Xpdf |
The severity of REDHAT-BUG-495892 is high due to the potential for arbitrary code execution.
To fix REDHAT-BUG-495892, update xpdf to the latest version that addresses the JBIG2 decoder flaw.
The potential impacts of REDHAT-BUG-495892 include system compromise and unauthorized access to sensitive information.
xpdf versions prior to the latest patched release may be affected by REDHAT-BUG-495892.
Will Dormann of CERT/CC reported the vulnerability REDHAT-BUG-495892.