During a source code audit, Chris Evans and others discovered a number
of integer overflow bugs that affected all versions of xpdf. An
attacker could construct a carefully crafted PDF file that could cause
xpdf to crash or possibly execute arbitrary code when opened.
CAN-2004-0888 Affects: FC2
Additionally more integer overflow issues that only affect version 3
CAN-2004-0889 Affects: FC2
This issue is embargoed until Oct20 1400UTC
Created attachment 105061 [details]
xpdf 3 issues (includes can-2004-0888 and can-2004-0889)
it's now fixed in 3.00-3.3. it will be released today.