Bug 97462 - xpdf can execute shell code in malicious external hyperlink
xpdf can execute shell code in malicious external hyperlink
Product: Red Hat Linux
Classification: Retired
Component: xpdf (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Ngo Than
Mike McLean
: Security
Depends On:
  Show dependency treegraph
Reported: 2003-06-16 07:32 EDT by Ronny Buchmann
Modified: 2007-04-18 12:54 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-06-16 09:34:56 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
fixed xpdf-1.00-redhat.patch (7.53 KB, patch)
2003-06-16 09:00 EDT, Ronny Buchmann
no flags Details | Diff

  None (edit)
Description Ronny Buchmann 2003-06-16 07:32:44 EDT
Description of problem:
xpdf can execute shell code in malicious external hyperlinks

Version-Release number of selected component (if applicable):
i assume bug exists in all xpdf versions shipped with rhl releases

How reproducible:

pdflatex xpdf-url-run.tex

Steps to Reproduce:
1. pdflatex the file below
2. open it with xpdf
3. click the link, the file $HOME/generated_through_xpdf is generated
Proposed Fix:
change the xpdf-1.00-redhat.patch to call "htmlview '%s'" as urlCommand (single
quotes added)

also useful as a temporary workaround for system adminstrators (affected file is

Additional Info:
see http://lists.netsys.com/pipermail/full-disclosure/2003-June/010397.html
Comment 1 Ronny Buchmann 2003-06-16 09:00:50 EDT
Created attachment 92424 [details]
fixed xpdf-1.00-redhat.patch
Comment 2 Ngo Than 2003-06-16 09:34:56 EDT
i have fixed this bug two week ago. I hope it will be pushed as errata this week.

Thanks for your report.

Note You need to log in before you can comment on or make changes to this bug.