Debian Project

Debian testing security team - Advisory

DTSA-54-1

Date Reported:
August 22nd, 2007
Affected Package:
poppler
Vulnerability:
integer overflow
Problem-Scope:
local (remote)
Debian-specific:
No
CVE:
CVE-2007-3387

More information:
It was discovered that an integer overflow in the xpdf PDF viewer may lead 
to the execution of arbitrary code if a malformed PDF file is opened. 
 
CVE-2007-3387 
 
Integer overflow in the StreamPredictor::StreamPredictor function in gpdf  
before 2.8.2, as used in (1) poppler, (2) xpdf, (3) kpdf, (4) kdegraphics, 
(5) CUPS, and other products, might allow remote attackers to execute  
arbitrary code via a crafted PDF file. 
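
The class of bug named above, as an added C example (not code from poppler, xpdf or this advisory): a simplified, hypothetical row-size computation for a stream predictor, first with silently wrapping arithmetic and then with a range check before each multiplication. The function names and the parameters width, n_comps and n_bits are assumptions made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model (not poppler source): a row holds width * n_comps
 * samples of n_bits bits each, plus one extra leading pixel. */

/* Unchecked form: 32-bit arithmetic wraps silently. Unsigned types are
 * used here so that the wrap is well defined in C. */
uint32_t unchecked_row_bytes(uint32_t width, uint32_t n_comps, uint32_t n_bits)
{
    uint32_t pix_bytes = (n_comps * n_bits + 7) >> 3;
    return ((width * n_comps * n_bits + 7) >> 3) + pix_bytes;
}

/* Checked form: returns 0 and stores the size in *row_bytes, or -1 when
 * a parameter is invalid or the size does not fit in an int. */
int checked_row_bytes(int width, int n_comps, int n_bits, int *row_bytes)
{
    if (width <= 0 || n_comps <= 0 || n_bits <= 0)
        return -1;
    if (n_comps > (INT_MAX - 7) / n_bits)      /* n_comps * n_bits + 7 */
        return -1;
    int pix_bits = n_comps * n_bits;
    if (width > (INT_MAX - 7) / pix_bits)      /* width * pix_bits + 7 */
        return -1;
    int pix_bytes = (pix_bits + 7) >> 3;
    int data_bytes = (width * pix_bits + 7) >> 3;
    *row_bytes = data_bytes + pix_bytes;       /* each is at most INT_MAX / 8 */
    return 0;
}

int main(void)
{
    /* Constructed inputs: an ordinary image row and an oversized width. */
    int sizes[2][3] = { {100, 3, 8}, {0x20000001, 1, 8} };
    for (int i = 0; i < 2; i++) {
        int w = sizes[i][0], c = sizes[i][1], b = sizes[i][2], n = 0;
        uint32_t wrapped = unchecked_row_bytes((uint32_t)w, (uint32_t)c, (uint32_t)b);
        if (checked_row_bytes(w, c, b, &n) == 0)
            printf("width=%d: unchecked=%u checked=%d\n", w, (unsigned)wrapped, n);
        else
            printf("width=%d: unchecked=%u checked=rejected\n", w, (unsigned)wrapped);
    }
    return 0;
}
```

For the oversized width the unchecked form yields a row size of a few bytes, which is how an undersized buffer allocation arises; the checked form rejects the parameters before any buffer is sized from them.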

For the testing distribution (lenny) this is fixed in version 0.5.4-6lenny1
For the unstable distribution (sid) this is fixed in version 0.5.4-6.1

This upgrade is recommended if you use poppler.

If you have the secure testing lines in your sources.list, you can update by running this command as root:
apt-get update && apt-get upgrade


To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:

deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free

