Secunia

Some vulnerabilities have been reported in Xpdf, which can be exploited by malicious people to potentially compromise a user's system.

1) Multiple integer overflows in "SplashBitmap::SplashBitmap()" can be exploited to cause heap-based buffer overflows.

2) An integer overflow error in "ObjectStream::ObjectStream()" can be exploited to cause a heap-based buffer overflow.

3) Multiple integer overflows in "Splash::drawImage()" can be exploited to cause heap-based buffer overflows.

4) An integer overflow error in "PSOutputDev::doImageL1Sep()" can be exploited to cause a heap-based buffer overflow when converting a PDF document to a PS file.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code by tricking a user into opening a specially crafted PDF file.

NOTE: An integer overflow error in "ImageStream::ImageStream()" which results in a crash has also been reported.

The vulnerabilities are reported in versions prior to 3.02pl4.

Solution
Apply vendor patch:
Further details available in Customer Area

Provided and/or discovered by
2) Red Hat credits Chris Rohlf.
3) Adam Zabrocki

Changelog
Further details available in Customer Area

Original Advisory
Red Hat Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=526915
https://bugzilla.redhat.com/show_bug.cgi?id=526637
https://bugzilla.redhat.com/show_bug.cgi?id=526911
https://bugzilla.redhat.com/show_bug.cgi?id=526877
https://bugzilla.redhat.com/show_bug.cgi?id=526893

Adam Zabrocki:
http://site.pi3.com.pl/adv/xpdf.txt

Deep Links
Links available in Customer Area