Foolabs Xpdf contains a denial of service vulnerability caused by the t1lib library incorrectly parsing Type 1 fonts.
According to Foolabs: Xpdf is an open source viewer for Portable Document Format (PDF) files. (These are sometimes also called 'Acrobat' files, from the name of Adobe's PDF software.) The Xpdf project also includes a PDF text extractor, PDF-to-PostScript converter, and various other utilities.
Foolabs Xpdf contains a denial of service vulnerability caused by the t1lib library incorrectly parsing Type 1 fonts. This vulnerability may allow an attacker to execute arbitrary code.
A remote attacker can cause the device to crash and may be able to execute arbitrary code.
The vendor has stated they will stop using t1lib in their product and users should build Xpdf without t1lib.
To build Xpdf without t1lib, add the "--with-t1-library=no" flag to the
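One way to confirm that an installed Xpdf build no longer uses t1lib is to inspect the dynamic dependencies of each binary; the script below is an added example, not part of the original note or of the Xpdf project. The function names `classify_ldd` and `audit_binaries` are hypothetical, and the shared object names `libt1` and `libt1x` are an assumption about how t1lib is packaged on the system being checked.

```shell
#!/bin/sh
# Added example: report whether Xpdf binaries are dynamically linked to t1lib.
# Assumption: t1lib is installed as libt1.so.N and/or libt1x.so.N.

# classify_ldd: read ldd-style output on stdin and print
#   "t1lib" if a t1lib shared object is among the dependencies,
#   "clean" otherwise.
classify_ldd() {
    if grep -Eq '(^|[[:space:]/])libt1x?\.so(\.[0-9]+)*([[:space:]]|$)'; then
        echo t1lib
    else
        echo clean
    fi
}

# audit_binaries: print "<path>: <verdict>" for every path given.
# Returns 1 if at least one binary still depends on t1lib, 0 otherwise.
audit_binaries() {
    rc=0
    for bin in "$@"; do
        if [ ! -x "$bin" ]; then
            echo "$bin: missing"
            continue
        fi
        verdict=$(ldd "$bin" 2>/dev/null | classify_ldd)
        echo "$bin: $verdict"
        if [ "$verdict" = t1lib ]; then
            rc=1
        fi
    done
    return "$rc"
}

# Run the audit only when paths are passed on the command line, e.g.
#   sh check_t1lib.sh /usr/local/bin/xpdf /usr/local/bin/pdftops
if [ "$#" -gt 0 ]; then
    audit_binaries "$@"
fi
```

A "clean" verdict only covers dynamic linkage: a binary with t1lib linked in statically shows no libt1 entry in `ldd` output, so the build configuration still has to be checked for such builds.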
Thanks to Jonathan Brossard for reporting this vulnerability.
This document was written by Michael Orlando.
Date First Published: 2011-03-21
Date Last Updated: 2011-04-05 13:44 UTC