During a source code audit, Chris Evans and others discovered a number of integer overflow bugs that affected all versions of xpdf. An attacker could construct a carefully crafted PDF file that could cause xpdf to crash or possibly execute arbitrary code when opened. CAN-2004-0888 Affects: FC2 Additionally more integer overflow issues that only affect version 3 of xpdf: CAN-2004-0889 Affects: FC2 This issue is embargoed until Oct20 1400UTC
Created attachment 105061 [details] xpdf 3 issues (includes can-2004-0888 and can-2004-0889)
it's now fixed in 3.00-3.3. it will be released today.
Removing embargo.