Secunia Research reports:
Secunia Research has discovered some vulnerabilities in Xpdf,
which can be exploited by malicious people to compromise a user's
system.
- An array indexing error within the
"DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc
can be exploited to corrupt memory via a specially crafted PDF
file.
- An integer overflow error within the "DCTStream::reset()"
method in xpdf/Stream.cc can be exploited to cause a heap-based
buffer overflow via a specially crafted PDF file.
- A boundary error within the "CCITTFaxStream::lookChar()" method
in xpdf/Stream.cc can be exploited to cause a heap-based buffer
overflow by tricking a user into opening a PDF file containing a
specially crafted "CCITTFaxDecode" filter.
Successful exploitation may allow execution of arbitrary code.