GLSA-200803-17 : PDFlib: Multiple buffer overflows
Medium Nessus Plugin ID 31443
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200803-17 (PDFlib: Multiple buffer overflows).
poplix reported multiple boundary errors in the pdc_fsearch_fopen() function when processing overly long filenames.
A remote attacker could send specially crafted content to a vulnerable application using PDFlib, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application.
There is no known workaround at this time.
Solution
All PDFlib users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-libs/pdflib-7.0.2_p8'