poppler
Page content
- Vulnerable: 0.6.4-1
- Unaffected: 0.6.4-2kalgan1
A vulnerability has been reported in Poppler, which potentially can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to the “Page” constructor leaving the “pageWidgets” object uninitialized under specific circumstances. This can be exploited to potentially trigger the “free()” of an arbitrary address when the object is deleted. Successful exploitation may allow execution of arbitrary code via a specially crafted PDF file.
- Bug Tracker URL: http://bugs.frugalware.org/task/3311