USN-4642-1: PDFResurrect vulnerability

24 November 2020

PDFResurrect could be made to crash or run programs as your login if it opened a specially crafted file.

Releases

Packages

  • pdfresurrect - tool for extracting versioning data from PDF documents

Details

It was discovered that PDFResurrect incorrectly handled certain memory
operations during PDF summary generation. An attacker could use this to
cause out-of-bounds writes, resulting in a denial of service (system crash)
or arbitrary code execution.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04

In general, a standard system update will make all the necessary changes.

References