Note: This is an archival copy of Security Sun Alert 201554 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001161.1.
Solaris 10 Operating System
Date of Workaround Release
Date of Resolved Release
Multiple security vulnerabilities in the Solaris Gnome PDF Document Viewer (gpdf(1)) may allow a local or remote unprivileged user to cause the PDF Document Viewer application to crash or hang (potentially consuming excessive amounts of disk space, which may affect system performance), or may allow that user to execute arbitrary code with the privileges of the user opening a specially crafted PDF document with gpdf(1). The ability to crash or hang the gpdf(1) application or to cause it to consume excess disk space, are all types of Denial of Service (DoS).
These issues are also referenced in the following documents:
These issues can occur in the following releases:
Note: Solaris 9 and Solaris 8 do not ship Gnome PDF Viewer and are not affected by these issues.
These issues only occur in Gnome PDF Viewer version 0.132 or earlier. To determine the version of gpdf(1) installed on the system, the following command can be run:
$ gpdf --version Gnome gpdf 0.132
Due to these vulnerabilities, the GNOME PDF Viewer may crash or hang (potentially consuming excessive disk space) while opening certain PDF documents.
There are no predictable symptoms to indicate that these issues have been exploited to execute arbitrary code.
Until the resolution patches can be applied, it may be possible to work around the described issues by not opening untrusted PDF files with the GNOME PDF Viewer.
This issue is addressed in the following releases:
This solution has no attachment