Gentoo Security Advisory GLSA 200601-17 (xpdf Poppler Gpdf Libextractor Pdftohtml) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200601-17.

Solution

All Xpdf users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-text/xpdf-3.01-r5' All Poppler users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-text/poppler-0.4.3-r4' All GPdf users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-text/gpdf-2.10.0-r3' All libextractor users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-libs/libextractor-0.5.9' All pdftohtml users should migrate to the latest stable version of Poppler. http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200601-17 http://bugs.gentoo.org/show_bug.cgi?id=117481 http://bugs.gentoo.org/show_bug.cgi?id=117494 http://bugs.gentoo.org/show_bug.cgi?id=117495 http://bugs.gentoo.org/show_bug.cgi?id=115789 http://bugs.gentoo.org/show_bug.cgi?id=118665

Insight

Xpdf, Poppler, GPdf, libextractor and pdftohtml are vulnerable to integer overflows that may be exploited to execute arbitrary code.

Severity

Classification

CVE CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Gentoo Security Advisory GLSA 200601-17 (xpdf poppler gpdf libextractor pdftohtml)

Take action and discover your vulnerabilities