poppler -- integer overflow

ID DSA-1348
Type debian
Reporter Debian
Modified 2007-08-04T00:00:00


It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.

poppler includes a copy of the xpdf code and required an update as well.

The oldstable distribution (sarge) doesn't include poppler.

For the stable distribution (etch) this problem has been fixed in version 0.4.5-5.1etch1.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your poppler packages.