This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Multiple vulnerabilities were discovered and corrected in xpdf :
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5,
allows context-dependent attackers to cause a denial of service
(crash) via unknown vectors that trigger an uninitialized pointer
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser
in xpdf before 3.02pl5, allows context-dependent attackers to cause a
denial of service (crash) and possibly execute arbitrary code via a
PDF file with a crafted Type1 font that contains a negative array
index, which bypasses input validation and which triggers memory
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
The updated packages have been patched to correct these issues.
Update the affected xpdf and / or xpdf-common packages.
Risk factor :
Medium / CVSS Base Score : 6.8