Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOutputDev.cc in Poppler (aka libpoppler) 0.10.6, 0.12.0, and possibly other versions, as used by the Abiword pdftoabw utility, allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PDF file. Reference: MISC:http://bugs.freedesktop.org/attachment.cgi?id=30599&action=edit Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534680 Reference: CONFIRM:http://bugs.freedesktop.org/show_bug.cgi?id=23074 Reference: BID:36976 Reference: URL:http://www.securityfocus.com/bid/36976 Reference: SECUNIA:37333 Reference: URL:http://secunia.com/advisories/37333 Reference: VUPEN:ADV-2009-3227 Reference: URL:http://www.vupen.com/english/advisories/2009/3227 Reference: XF:poppler-abwoutputdev-bo(54215) Reference: URL:http://xforce.iss.net/xforce/xfdb/54215
This issue does not affect poppler in Red Hat Enterprise Linux 5; the vulnerable program (pdftoabw) is not present, nor is the vulnerable source file or function. The program in question was added 2007-04-03 (0.5.9). This does affect Fedora 10, 11, and 12.
(In reply to comment #1) > This does affect Fedora 10, 11, and 12. I don't see pdftoabw in Fedora poppler packages. Looking into build logs on F-10 to F-12, I see this in configure summary: Building poppler with support for: ... abiword output: no So Fedora is fine too unless packages are rebuilt with abiword support enabled but without a fix.
Thanks for the notice... I'd been tempted to (re)enable abiword output, but will now certainly wait until it can be confirmed to be safe/secure.