VULHUB ™

When a user clicks a URL, xpdf 0.90 and earlier starts the viewer (netscape by default) but does not properly handle shell meta characters, making it possible for to embed malicious code within PDF files. As well, these versions create files in /tmp insecurely, raising the possibility of symbolic link attacks.

When a user clicks a URL, xpdf 0.90 and earlier starts the viewer (netscape by default) but does not properly handle shell meta characters, making it possible for to embed malicious code within PDF files. As well, these versions create files in /tmp insecurely, raising the possibility of symbolic link attacks.