GLSA-200502-10 : pdftohtml: Vulnerabilities in included Xpdf
High Nessus Plugin ID 16447
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200502-10 (pdftohtml: Vulnerabilities in included Xpdf)
Xpdf is vulnerable to a buffer overflow, as described in GLSA 200501-28.
An attacker could entice a user to convert a specially crafted PDF file, potentially resulting in the execution of arbitrary code with the rights of the user running pdftohtml.
There is no known workaround at this time.
SolutionAll pdftohtml users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=app-text/pdftohtml-0.36-r3'