Arch Linux Security Advisory ASA-201910-10
==========================================

Severity: Medium
Date    : 2019-10-16
CVE-ID  : CVE-2019-16927
Package : xpdf
Type    : arbitrary code execution
Remote  : No
Link    : https://security.archlinux.org/AVG-1048

Summary
=======

The package xpdf before version 4.02-1 is vulnerable to arbitrary code
execution.

Resolution
==========

Upgrade to 4.02-1.

# pacman -Syu "xpdf>=4.02-1"

The problem has been fixed upstream in version 4.02.

Workaround
==========

None.

Description
===========

Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the
TextPage::findGaps function in TextOutputDev.cc, a different
vulnerability than CVE-2019-9877.

Impact
======

A local attacker is able to execute arbitrary code via a specially
crafted PDF document.

References
==========

https://bugs.archlinux.org/task/63980
https://forum.xpdfreader.com/viewtopic.php?f=3&t=41885
https://security.archlinux.org/CVE-2019-16927