USN-4642-1: PDFResurrect vulnerability
24 November 2020
PDFResurrect could be made to crash or run programs as your login if it opened a specially crafted file.
Releases
Packages
- pdfresurrect - tool for extracting versioning data from PDF documents
Details
It was discovered that PDFResurrect incorrectly handled certain memory
operations during PDF summary generation. An attacker could use this to
cause out-of-bounds writes, resulting in a denial of service (system crash)
or arbitrary code execution.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
In general, a standard system update will make all the necessary changes.