Red Hat Bugzilla – Bug 97462
xpdf can execute shell code in malicious external hyperlink
Last modified: 2007-04-18 12:54:50 EDT
Description of problem:
xpdf can execute shell code in malicious external hyperlinks
Version-Release number of selected component (if applicable):
i assume bug exists in all xpdf versions shipped with rhl releases
Steps to Reproduce:
1. pdflatex the file below
2. open it with xpdf
3. click the link, the file $HOME/generated_through_xpdf is generated
change the xpdf-1.00-redhat.patch to call "htmlview '%s'" as urlCommand (single
also useful as a temporary workaround for system adminstrators (affected file is
Created attachment 92424 [details]
i have fixed this bug two week ago. I hope it will be pushed as errata this week.
Thanks for your report.