RHSA-2009:1501: Important: xpdf security update
Xpdf is an X Window System based viewer for Portable Document Format (PDF)files.Multiple integer overflow flaws were found in Xpdf. An attacker couldcreate a malicious PDF file that would cause Xpdf to crash or, potentially,execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609)Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604issue, and Chris Rohlf for reporting the CVE-2009-3608 issue.Users are advised to upgrade to this updated package, which contains abackported patch to correct these issues.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2009:1501?
The severity of RHSA-2009:1501 is critical due to multiple integer overflow flaws in Xpdf that could lead to code execution.
How do I fix RHSA-2009:1501?
To fix RHSA-2009:1501, you should update your Xpdf package to version 3.00-22.el4_8.1 or later.
What vulnerabilities are addressed in RHSA-2009:1501?
RHSA-2009:1501 addresses multiple integer overflow vulnerabilities in the Xpdf PDF viewer.
What could happen if I don't address RHSA-2009:1501?
If RHSA-2009:1501 is not addressed, an attacker could exploit the vulnerabilities to crash the application or execute arbitrary code.
Which software versions are affected by RHSA-2009:1501?
The affected software versions for RHSA-2009:1501 include Xpdf versions prior to 3.00-22.el4_8.1.