Internet security research firm iDefense has announced a series of vulnerabilities and patches for a variety of Unix- and Linux-based products.
A stack-based buffer overflow was revealed in version 3.00 of Xpdf, a popular viewer for reading PDF files, usually created by Adobe Acrobat.
“Remote exploitation of a buffer overflow vulnerability in the xpdf PDF viewer, as included in multiple Linux distributions, could allow attackers to execute arbitrary code as the user viewing a PDF file,” the iDefense advisory said. According to the advisory, SuSE Linux, Red Hat Linux, Fedora Core, Debian Linux, Gentoo Linux, FreeBSD (ports) and OpenBSD are affected.
iDefense said that the bug is not a simple one to exploit, but that it can be done if the attacker has knowledge of the operating system that is running. The attacker must, of course, convince the user to view a malicious PDF file.
Foo Labs has released a patch for the problem and an updated binary version (3.00pl2) of the product.
Meanwhile, two bugs were announced in LibTIFF, a popular library for working with TIFF image files. Both are heap-based buffer overflows and have the potential to allow remote code execution.
The user must be persuaded to open a malicious TIFF file from within an application linked to a vulnerable version of the library. The first bug, which affects the calculation of the size of a directory entry, was confirmed by iDefense in LibTIFF versions 3.5.7 and 3.7.0. The second, which affects the parsing of files with the STRIPOFFSETS flag, was confirmed in LibTIFF 3.6.1.
Both problems are fixed in the current version of the library, 3.7.1.