Fortinet Discovers Xpdf Pdftohtml Use After Free Vulnerability
Fortinet's FortiGuard Labs has discovered a memory corruption vulnerability in Xpdf Pdftohtml.
Pdftohtml is a free tool within the Xpdf toolkit. It can be used to convert Portable Document Format (PDF) files to HTML so that they can be viewed in a web browser.
A memory corruption vulnerability has been discovered in Xpdf Pdftohtml. The vulnerability exists because Pdftohtml does not correctly parse a crafted PDF file, which causes a Use-After-Free. It could allow malicious users to create code execution scenarios.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Dec 01, 2015
Users should apply the latest Xpdf version provided by FooLabs.
Fortinet reported the vulnerability to FooLabs on December 01, 2015.