Note: This is an archival copy of Security Sun Alert 201554 as previously published on
Latest version of this security advisory is available from as Sun Alert 1001161.1.
Article ID : 1001161.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2007-08-05
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Multiple Security Vulnerabilities in the Solaris Gnome PDF Viewer (gpdf(1)) may Allow a Denial of Service (DoS) Condition or Lead to Execution of Arbitrary Code


Release Phase

Solaris 10 Operating System

Bug Id

Date of Workaround Release

Date of Resolved Release


Multiple security vulnerabilities in the Solaris Gnome PDF Document Viewer (gpdf(1)) may allow a local or remote unprivileged user to cause the PDF Document Viewer application to crash or hang (potentially consuming excessive amounts of disk space, which may affect system performance), or may allow that user to execute arbitrary code with the privileges of the user opening a specially crafted PDF document with gpdf(1). The ability to crash or hang the gpdf(1) application or to cause it to consume excess disk space, are all types of Denial of Service (DoS).

These issues are also referenced in the following documents:

Contributing Factors

These issues can occur in the following releases:

SPARC Platform

  • Solaris 10 without patch 120739-04

x86 Platform

  • Solaris 10 without patch 120740-04

Note: Solaris 9 and Solaris 8 do not ship Gnome PDF Viewer and are not affected by these issues.

These issues only occur in Gnome PDF Viewer version 0.132 or earlier. To determine the version of gpdf(1) installed on the system, the following command can be run:

    $ gpdf --version
    Gnome gpdf 0.132



Due to these vulnerabilities, the GNOME PDF Viewer may crash or hang (potentially consuming excessive disk space) while opening certain PDF documents.

There are no predictable symptoms to indicate that these issues have been exploited to execute arbitrary code.


Until the resolution patches can be applied, it may be possible to work around the described issues by not opening untrusted PDF files with the GNOME PDF Viewer.


This issue is addressed in the following releases:

SPARC Platform

  • Solaris 10 with patch 120739-04 or later

x86 Platform

  • Solaris 10 with patch 120740-04 or later

Modification History
Date: 06-AUG-2007
  • State: Resolved
  • Updated Contributing Factors and Resolution sections



This solution has no attachment