Maurycy Prodeus discovered an integer overflow flaw in the way xpdf processes PDF files. It's possible this flaw could be used to execute arbitrary code as the user running the application using the xpdf source.
Created attachment 159239 [details] Proposed upstream fix
embargo moved by upstream to Jul 28
krh, these packages are affected (I verified them) because of the patch we applied to fix CVE-2005-3193.
These issues should now be considered public.
KDE Security Advisory with patches for koffice and kdegraphics: http://www.kde.org/info/security/advisory-20070730-1.txt
poppler-0.5.4-8.fc7 has been submitted as an update for Fedora 7
poppler-0.5.4-8.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: Red Hat Enterprise Linux: kdegraphics: http://rhn.redhat.com/errata/RHSA-2007-0729.html gpdf: http://rhn.redhat.com/errata/RHSA-2007-0730.html xpdf: http://rhn.redhat.com/errata/RHSA-2007-0735.html cups: http://rhn.redhat.com/errata/RHSA-2007-0720.html poppler: http://rhn.redhat.com/errata/RHSA-2007-0732.html tetex: http://rhn.redhat.com/errata/RHSA-2007-0731.html Fedora: xpdf: https://admin.fedoraproject.org/updates/F7/FEDORA-2007-1383 cups: https://admin.fedoraproject.org/updates/F7/FEDORA-2007-1541 tetex: https://admin.fedoraproject.org/updates/F7/FEDORA-2007-1547 kdegraphics: https://admin.fedoraproject.org/updates/F7/FEDORA-2007-1594 koffice: https://admin.fedoraproject.org/updates/F7/FEDORA-2007-1614 poppler: https://admin.fedoraproject.org/updates/F7/FEDORA-2008-1651