FreeBSD : xpdf -- makeFileKey2() buffer overflow vulnerability (f755545e-6fcd-11d9-abec-00061bd2d56f)
High Nessus Plugin ID 19176
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionAn iDEFENSE Security Advisory reports :
Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer included in multiple Unix and Linux distributions could allow for arbitrary code execution as the user viewing a PDF file.
The vulnerability specifically exists due to insufficient bounds checking while processing a PDF file that provides malicious values in the /Encrypt /Length tag. The offending code can be found in the Decrypt::makeFileKey2 function in the source file xpdf/Decrypt.cc.
SolutionUpdate the affected packages.