Integer overflow in the StreamPredictor::StreamPredictor function in gpdf before 2.8.2, as used in (1) poppler, (2) xpdf, (3) kpdf, (4) kdegraphics, (5) CUPS, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file.
KDE's advisory is here: http://www.kde.org/info/security/advisory-20070730-1.txt
They claim execution of arbitrary code is possible.
Bugs exist already. The security team will hopefully make them visible to everyone, soon.
*** This bug has been marked as a duplicate of bug 187139 ***
Just trying to catch up on bugs, but is poppler fixed anywhere?
(In reply to comment #2)
> Just trying to catch up on bugs, but is poppler fixed anywhere?

Don't think so, and according to the CVE, CUPS should also be affected.