Support / Security / Advisories / Corporate Server 3.0 / MDKSA-2007:159

Package name: gpdf
Date: 2007-08-13
Advisory ID: MDKSA-2007:159
Affected versions: CS3.0 i586 , CS3.0 x86_64

Problem description

Maurycy Prodeus found an integer overflow vulnerability in the way
various PDF viewers processed PDF files. An attacker could create
a malicious PDF file that could cause gpdf to crash and possibly
execute arbitrary code open a user opening the file.

This update provides packages which are patched to prevent these
issues.

Updated packages

CS3.0 i586

 4cd42c64b35c4eccdcb85de2a0889876  corporate/3.0/i586/gpdf-0.112-2.8.C30mdk.i586.rpm 
 5eaf44a638c77c2b6b9f99c81a8bd00a  corporate/3.0/SRPMS/gpdf-0.112-2.8.C30mdk.src.rpm

CS3.0 x86_64

 a994aae5759655c0b8dffa064c5f83a8  corporate/3.0/x86_64/gpdf-0.112-2.8.C30mdk.x86_64.rpm 
 5eaf44a638c77c2b6b9f99c81a8bd00a  corporate/3.0/SRPMS/gpdf-0.112-2.8.C30mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387