RHEL 4 : xpdf (RHSA-2006:0201)
High Nessus Plugin ID 20898
SynopsisThe remote Red Hat host is missing a security update.
DescriptionAn updated xpdf package that fixes a buffer overflow security issue is now available.
This update has been rated as having important security impact by the Red Hat Security Response Team.
The xpdf package is an X Window System-based viewer for Portable Document Format (PDF) files.
A heap based buffer overflow bug was discovered in Xpdf. An attacker could construct a carefully crafted PDF file that could cause Xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0301 to this issue.
Users of Xpdf should upgrade to this updated package, which contains a backported patch to resolve these issues.
Red Hat would like to thank Dirk Mueller for reporting this issue and providing a patch.
SolutionUpdate the affected xpdf package.