RHEL 2.1 : xpdf (RHSA-2003:197)
High Nessus Plugin ID 12402
Synopsis
The remote Red Hat host is missing a security update.
Description
Updated Xpdf packages are available that fix a vulnerability where a malicious PDF document could run arbitrary code.
[Updated 21 July 2003] Updated packages are now available, as the original errata packages did not fix all possible ways of exploiting this vulnerability.
Xpdf is an X Window System based viewer for Portable Document Format (PDF) files.
Martyn Gilmore discovered a flaw in various PDF viewers and readers.
An attacker can embed malicious external-type hyperlinks that, if activated or followed by a victim, can execute arbitrary shell commands. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0434 to this issue.
All users of Xpdf are advised to upgrade to these errata packages, which contain a patch correcting this issue.
Solution
Update the affected xpdf package.