A security researcher has proclaimed November to be the 'Month of Kernel
Bugs' (MoKB) and is releasing one bug each day to highlight unreported
issues with various kernels. The
associated web site currently has
six separate Linux bugs listed as well as bugs for MacOS, FreeBSD, Solaris
and Windows. The project was first
announced on the bugtraq
mailing list along with a tool that can fuzz various Linux filesystems.
The Linux bugs described are all filesystem related; they were found using the
fsfuzzer tool to generate various kinds of improperly formatted filesystem
data and to feed it to the Linux filesystem code. This leads to various
kinds of kernel problems, mostly crashes. Bugs have been found in several
different filesystem types: ext2, ext3, iso9660, cramfs, and squashfs.
The vulnerability found for cramfs actually exists in the zlib decompression
code and could potentially lead to arbitrary code execution.
While these bugs are fairly serious, they are also fairly difficult to exploit.
Other than iso9660, it is rare that a Linux user will mount a filesystem
generated by some external, potentially malicious, entity. USB flash drives
might provide a vector for exploiting some of these bugs, but
users are hopefully savvy enough to be wary of mounting them if they do
not know where they came from. Administrators may also remove the ability
for regular users to mount filesystems, especially on sensitive machines
such as servers.
Kernel bugs that allow arbitrary code execution are particularly serious
because they can provide a way to completely take over the system. If an
attacker can convince someone to mount a specially crafted cramfs image,
they may be able to cause all manner of mayhem with that system. Attacks
targeted at a specific person or company would seem to be the biggest
concern as it would be somewhat difficult to use as a vector for a
widespread infection; the logistics of distributing thousands of USB
keychains to create a Linux botnet would be daunting. The money that could
be earned by renting out the botnet, however, might be enough for some,
especially if they could find a way to do it anonymously.
Two of the reported bugs against Windows wireless drivers would seem to be
of little interest to Linux users, but, unfortunately, that is not the case.
As mentioned
here, Ndiswrapper is often used
to provide Linux 'support' for many wireless adapters and, as Dave Jones
points out,
this makes Linux potentially vulnerable as well. It may be that the vendors
release a fix promptly, but until they do, users of those drivers are
vulnerable to attack. And, in any case, propagating a fix in a Windows
network driver to a substantial portion of its users is not a simple thing
to do.
The MoKB announcement mentions the possibility of 'silent fixes' of these
problems; at least so far, that does not seem to be happening. Silent fixes
are ones that fix a security problem, but in some way obfuscate the
security implications of the fix (or, at least, are not accompanied by a
security advisory). Proprietary vendors are well known for
this kind of behavior, but one would hope open source developers are more,
well, open about those kinds of things. The only fix that seems to have
made its way into the kernel so far is for a an ext3/ext4 bug that was
found prior to the MoKB. It was clearly described as a crash in the patch
and the fsfuzzer tool was referenced. It did not specifically mention it
as a security problem, but opinions differ on whether denial of service
that is not caused externally should be considered a security issue.
While the fixes are not silent, they also do not seem to be very high on
anyone's priority list, either. So far, there do not seem to be patches for
any of the MoKB reported issues posted to the linux kernel mailing list.
The zlib inflate issue, with its memory corruption potential, would seem like
one that should be fixed relatively soon even if its exploit potential is low.
So far, MoKB has produced some interesting bugs, especially on other operating
systems. We will be keeping an eye out for any others that might have a
bigger impact on Linux users and for fixes going into the kernel. November
is only half over.
Steve Grubb discovered that netlink messages were not being checked for
their sender identity. This could lead to local users manipulating the
Avahi service.
Ftpd is vulnerable to a privilege escalation attack,
an incorrect seteuid() call can be used by an FTP user to gain
unauthorized access to files or directories.
From the MOKB-05-11-2006
advisory: "The ISO9660 filesystem handling code of the Linux
2.6.x kernel fails to properly handle corrupted data structures, leading to
an exploitable denial of service condition. This particular vulnerability
seems to be caused by a race condition and a signedness issue. When
performing a read operation on a corrupted ISO9660 fs stream, the
isofs_get_blocks() function will enter an infinite loop when
__find_get_block_slow() callback from sb_getblk() fails ("due to various
races between file io on the block device and getblk")."
The PowerDNS nameserver suffers from a buffer overflow which can be exploited to cause a denial of service, with the potential for the execution of arbitrary code.
It was discovered that Trac, a wiki and issue tracking system for
software development projects, performs insufficient validation against
cross-site request forgery, which might lead to an attacker being able
to perform manipulation of a Trac site with the privileges of the
attacked Trac user.
From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server
was returned to the user in an unescaped error message. This could
allow an attacker to perform a cross-site scripting attack if a victim was
tricked into connecting to a site and sending a carefully crafted Expect
header."
The Asterisk telephony PBX application has a heap overflow vulnerability
in the skinny channel driver. A remote attacker can use this to
arbitrarily execute code with the privileges of the Asterisk user.
See this
vulnerability report
for more information.
The BusyBox 1.1.1 passwd command does not use a proper salt when generating
passwords. This would create an instance where a brute force attack could
take very little time.
A race condition in bzip2 1.0.2 and earlier allows local users to modify
permissions of arbitrary files via a hard link attack on a file while it is
being decompressed, whose permissions are changed by bzip2 after the
decompression is complete. Also specially crafted bzip2 archives may cause
an infinite loop in the decompressor.
Richard Harms discovered that cpio did not sufficiently validate file
properties when creating archives. Files with e. g. a very large size
caused a buffer overflow. By tricking a user or an automatic backup
system into putting a specially crafted file into a cpio archive, a
local attacker could probably exploit this to execute arbitrary code
with the privileges of the target user (which is likely root in an
automatic backup system).
The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root.
Will Drewry of the Google Security Team discovered several buffer overflows
in cscope, a source browsing tool, which might lead to the execution of
arbitrary code.
A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows
remote attackers to execute arbitrary code via a C file with a long
#include line that is later browsed by the target.
Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5
process that could lead to a Denial of Service. An attacker could possibly
exploit this vulnerability by sending specially crafted data stream to the
Cyrus-SASL server, resulting in a Denial of Service even if the attacker is
not able to authenticate.
the AVI processing code in FFmpeg has a number of buffer overflow
vulnerabilities.
If an attacker can trick a user into loading a specially crafted
crafted AVI, arbitrary code can be executed with the user's privileges.
Several remote vulnerabilities have been discovered in freeradius, a
high-performance RADIUS server, which may lead to SQL injection or denial
of service.
The FreeType library has several integer overflow vulnerabilities.
If a user can be tricked into installing a specially
crafted font file, arbitrary code can be executed with the privilege
of the user.
The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree.
A buffer overflow in dwarfread.c and dwarf2read.c debugging code in GNU
Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to
execute arbitrary code via a crafted file with a location block
(DW_FORM_block) that contains a large number of operations.
A format string vulnerability has been discovered in gedit. Calling
the program with specially crafted file names caused a buffer
overflow, which could be exploited to execute arbitrary code with the
privileges of the gedit user.
Tavis Ormandy of the Google Security Team discovered two denial of service
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to hang or
crash.
Tavis Ormandy of the Google Security Team discovered several code execution
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to crash or
execute arbitrary code.
zgrep in gzip before 1.3.5 does not handle shell metacharacters like '|'
and '&' properly when they occurred in input file names. This could be
exploited to execute arbitrary commands with user privileges if zgrep is
run in an untrusted directory with specially crafted file names.
Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick
6.0.7 allow user-assisted attackers to cause a denial of service and
possibly execute execute arbitrary code via (1) a DCM image that is not
properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a
PALM image that is not properly handled by the ReadPALMImage function in
coders/palm.c.
M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify the
validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a user
were tricked into viewing or processing a specially crafted image with
an application that uses imlib2, the flaws could be exploited to execute
arbitrary code with the user's privileges.
It was discovered that the Ingo email filter rules manager performs
insufficient escaping of user-provided data in created procmail rules
files, which allows the execution of arbitrary shell commands.
Kate / Kwrite, as shipped with KDE 3.2.x up to including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information.
Sridhar Samudrala discovered a local denial of service vulnerability
in the handling of SCTP sockets. By opening such a socket with a
special SO_LINGER value, a local attacker could exploit this to crash
the kernel. (CVE-2006-4535)
Kirill Korotaev discovered that the ELF loader on the ia64 and sparc
platforms did not sufficiently verify the memory layout. By attempting
to execute a specially crafted executable, a local user could exploit
this to crash the kernel. (CVE-2006-4538)
Some vulnerabilities were discovered in the Linux 2.6 kernel:
There are possibly exploitable bugs in the netfilter for IPv6 code.
(CVE-2006-4572)
The ATM subsystem of the Linux kernel could allow a remote attacker to
cause a Denial of Service (panic) via unknown vectors that cause the ATM
subsystem to access the memory of socket buffers after they are freed.
(CVE-2006-4997)
The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to
2.6.17, and possibly later versions, allows local users to cause a denial
of service (memory consumption) by writing more data to the serial port
than the driver can handle, which causes the data to be queued.
Previous versions of the kernel package are subject to several
vulnerabilities. Certain malformed UDF filesystems can cause the system to
crash (denial of service). Malformed CDROM firmware or USB storage devices
(such as USB keys) could cause system crash (denial of service), and if
they were intentionally malformed, can cause arbitrary code to run with
elevated privileges. In addition, the SCTP protocol is subject to a remote
system crash (denial of service) attack.
Some kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges.
Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment
error in libgadu (from ekg, console Gadu Gadu client, an instant
messaging program) which is included in gaim, a multi-protocol instant
messaging client, as well. This can not be exploited on the x86
architecture but on others, e.g. on Sparc and lead to a bus error,
in other words a denial of service.
Several buffer overflows were found in libmms. By tricking a user into
opening a specially crafted remote multimedia stream with an application
using libmms, a remote attacker could overwrite an arbitrary memory portion
with zeros, thereby crashing the program.
Steve Rigler discovered that the PAM module for authentication against
LDAP servers processes PasswordPolicyReponse control messages incorrectly,
which might lead to an attacker being able to login into a suspended
system account.
In pngrutil.c, the function png_decompress_chunk() allocates
insufficient space for an error message, potentially overwriting stack
data, leading to a buffer overflow.
A heap based buffer overflow bug was found in the way libpng strips alpha
channels from a PNG image. An attacker could create a carefully crafted PNG
image file in such a way that it could cause an application linked with
libpng to crash or execute arbitrary code when the file is opened by a
victim.
The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable
to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters
in the DocumentName tag to overflow a buffer, causing a denial of service,
and possibly the execution of arbitrary code.
LibVNCServer fails to properly validate protocol types effectively
letting users decide what protocol to use, such as "Type 1 - None".
LibVNCServer will accept this security type, even if it is not offered
by the server.
The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and
1.0.3 opens a file for reading twice using the same file descriptor, which
causes a file descriptor leak that allows local users to read files
specified by the XCOMPOSEFILE environment variable via the duplicate file
descriptor.
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code.
libxml2 prior to version 2.6.14 has multiple buffer overflow
vulnerabilities, if a local user passes a specially crafted
FTP URL, arbitrary code may be executed.
Derek Abdine discovered that the NVIDIA Xorg driver did not correctly
verify the size of buffers used to render text glyphs. When displaying
very long strings of text, the Xorg server would crash. If a user were
tricked into viewing a specially crafted series of glyphs, this flaw
could be exploited to run arbitrary code with root privileges.
An arbitrary command execute bug was found in the lynx "lynxcgi:" URI
handler. An attacker could create a web page redirecting to a malicious URL
which could execute arbitrary code as the user running lynx.
The mono System.CodeDom.Compiler classes suffer from a temporary file symlink vulnerability which could be used to overwrite files, or, in this case, even inject arbitrary code into a running mono application.
Two flaws were found in the way Firefox/Thunderbird processed certain regular
expressions. A malicious web page/HTML email could crash the browser or
possibly execute arbitrary code as the user running
Firefox/Thunderbird. (CVE-2006-4565, CVE-2006-4566)
A number of flaws were found in Firefox/Thunderbird. A malicious web
page/HTML email could crash the browser or possibly execute arbitrary code
as the user running Firefox/Thunderbird. (CVE-2006-4571)
A flaw was found in the handling of JavaScript timed events. A malicious
web page could crash the browser or possibly execute arbitrary code as the
user running Firefox/Thunderbird. (CVE-2006-4253)
A flaw was found in the Firefox/Thunderbird auto-update verification
system. An attacker who has the ability to spoof a victim's DNS could get
Firefox to download and install malicious code. In order to exploit this
issue an attacker would also need to get a victim to previously accept an
unverifiable certificate. (CVE-2006-4567)
Firefox did not properly prevent a frame in one domain from injecting
content into a sub-frame that belongs to another domain, which facilitates
website spoofing and other attacks (CVE-2006-4568)
Firefox did not load manually opened, blocked popups in the right domain
context, which could lead to cross-site scripting attacks. In order to
exploit this issue an attacker would need to find a site which would frame
their malicious page and convince the user to manually open a blocked
popup. (CVE-2006-4569)
Jean-David Maillefer discovered a format string bug in the
date_format() function's error reporting. By calling the function with
invalid arguments, an authenticated user could exploit this to crash
the server.
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access
a table through a previously created MERGE table, even after the user's
privileges are revoked for the original table, which might violate intended
security policy (CVE-2006-4031).
MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run
on case-sensitive filesystems, allows remote authenticated users to create
or access a database when the database name differs only in case from a
database for which they have permissions (CVE-2006-4226).
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms
via SQL queries that contain the NULL character, which are not properly
handled by the mysql_real_query function. NOTE: this issue was originally
reported for the mysql_query function, but the vendor states that since
mysql_query expects a null character, this is not an issue for mysql_query.
Kurt Fitzner discovered that the NBD (network block device) server did not
correctly verify the maximum size of request packets. By sending specially
crafted large request packets, a remote attacker who is allowed to access
the server could exploit this to execute arbitrary code with root
privileges.
slapd in OpenLDAP before 2.3.25 allows remote authenticated users with
selfwrite Access Control List (ACL) privileges to modify arbitrary
Distinguished Names (DN).
Several vulnerabilities have been discovered in OpenOffice.org, a free
office suite.
It turned out to be possible to embed arbitrary BASIC macros in
documents in a way that OpenOffice.org does not see them but executes them
anyway without any user interaction. (CVE-2006-2198)
It is possible to evade the Java sandbox with specially crafted Java
applets. (CVE-2006-2199)
Loading malformed XML documents can cause buffer overflows and cause a
denial of service or execute arbitrary code. (CVE-2006-3117)
packet.c in ssh in OpenSSH allows remote attackers to cause a denial of
service (crash) by sending an invalid protocol sequence with
USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.
An unspecified vulnerability in portable OpenSSH before 4.4, when running
on some platforms, allows remote attackers to determine the validity of
usernames via unknown vectors involving a GSSAPI "authentication abort."
From the OpenSSH 4.5 announcement: "Fix a bug in the sshd privilege separation monitor that weakened its
verification of successful authentication. This bug is not known to
be exploitable in the absence of additional vulnerabilities."
Openssh 4.4 fixes some
security issues, including a pre-authentication denial of service, an
unsafe signal hander and on portable OpenSSH a GSSAPI authentication abort
could be used to determine the validity of usernames on some platforms.
Philip Mackenzie, Marius Schilder, Jason Waddle and Ben Laurie of Google
Security discovered that the OpenSSL library did not sufficiently check the
padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3
(which is widely used for CAs). This could be exploited to forge signatures
without the need of the secret key.
OpenSSL has a number of denial of service vulnerabilities including:
two vulnerabilities involving invalid ASN.1 structures, a buffer overflow
in the SSL_get_shared_ciphers() function and an SSLv2 client crash that
can be caused by a malicious server.
The file_exists and imap_reopen functions in PHP before 5.1.5 do not check
for the safe_mode and open_basedir settings, which allows local users to
bypass the settings (CVE-2006-4481).
A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c
in the GD extension in PHP before 5.1.5 allows remote attackers to have an
unknown impact via a GIF file with input_code_size greater than
MAX_LWZ_BITS, which triggers an overflow when initializing the table array
(CVE-2006-4484).
The stripos function in PHP before 5.1.5 has unknown impact and attack
vectors related to an out-of-bounds read (CVE-2006-4485).
The Hardened-PHP Project discovered buffer overflows in
htmlentities/htmlspecialchars internal routines to the PHP Project. Of
course the whole purpose of these functions is to be filled with user
input. (The overflow can only be when UTF-8 is used)
It was discovered that phpbb2, a web based bulletin board, insufficiently
sanitizes values passed to the "Font Color 3" setting, which might lead to
the execution of injected code by admin users.
The phpbb2 web forum has a number of vulnerabilities including:
a web script injection problem, a protection mechanism bypass, a
security check bypass, a remote global variable bypass, cross site
scripting vulnerabilities, an SQL injection vulnerability,
a remote regular expression modification problem, missing input
sanitizing, and a missing request validation problem.
Stefan Esser reported multiple vulnerabilities
found in phpMyAdmin. The $GLOBALS variable allows modifying the global
variable import_blacklist to open phpMyAdmin to local and remote file
inclusion, depending on your PHP version (CVE-2005-4079, PMASA-2005-9).
Furthermore, it is also possible to conduct an XSS attack via the
$HTTP_HOST variable and a local and remote file inclusion because the
contents of the variable are under total control of the attacker
(CVE-2005-3665, PMASA-2005-8).
The PostgreSQL team has put out a set of "urgent updates" (in the form of the 7.3.15, 7.4.13, 8.0.8, and 8.1.4 releases) closing a
newly-discovered set of SQL injection issues. Details about the problem
can be found on the
technical information page; in short: multi-byte encodings can be used
to defeat normal string sanitizing techniques. The update fixes one problem
related to invalid multi-byte characters, but punts on another by simply
disallowing the old, unsafe technique of escaping single quotes with a
backslash.
Michael Fuhr discovered an incorrect type check when handling unknown
literals. By attempting to coerce such a literal to the ANYARRAY type, a
local authenticated attacker could cause a server crash. (CVE-2006-5541)
Josh Drake and Alvaro Herrera reported a crash when using aggregate
functions in UPDATE statements. A local authenticated attacker could
exploit this to crash the server backend. This update disables this
construct, since it is not very well defined and forbidden by the SQL
standard. (CVE-2006-5540)
Sergey Koposov discovered a flaw in the duration logging. This could cause
a server crash under certain circumstances. (CVE-2006-5542)
An error was found in the RPM library's handling of query reports. In
some locales, certain RPM packages would cause the library to crash. If
a user was tricked into querying a specially crafted RPM package, the
flaw could be exploited to execute arbitrary code with the user's
privileges.
The CGI library in Ruby 1.8 allowed a remote attacker to cause a denial of
service via an HTTP request with a multipart MIME body that contained an
invalid boundary specifier, which would result in an infinite loop and CPU
consumption.
The useradd tool from the shadow-utils package has a potential security
problem. When a new user's mailbox is created, the permissions are
set to random garbage from the stack, potentially allowing the
file to be read or written during the time before fchmod() is called.
Marco d'Itri discovered that thttpd, a small, fast and secure webserver,
makes use of insecure temporary files when its logfiles are rotated,
which might lead to a denial of service through a symlink attack.
Numerous vulnerabilities have been found in the Mozilla JavaScript and HTML
rendering code, leading to possible remote code execution attacks. This CERT advisory contains details.
A buffer overflow in UnZip 5.50 and earlier allows local users to execute
arbitrary code via a long filename command line argument. NOTE: since the
overflow occurs in a non-setuid program, there are not many scenarios under
which it poses a vulnerability, unless unzip is passed long arguments when
it is invoked from other programs.
xtensive testing of libwww's handling of multipart/byteranges content from
HTTP/1.1 servers revealed multiple logical flaws and bugs in
Library/src/HTBound.c
There are multiple vulnerabilities in Wireshark (formerly Ethereal):
Off-by-one error in the MIME Multipart dissector in Wireshark 0.10.1
through 0.99.3 allows remote attackers to cause a denial of service
(crash) via certain vectors that trigger an assertion error related to
unexpected length values. CVE-2006-4574
epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu)
in Wireshark 0.9.8 through 0.99.3 allows remote attackers to cause a
denial of service (memory consumption and crash) via an encoded XOT
packet that produces a zero length value when it is decoded.
CVE-2006-4805
Unspecified vulnerability in the HTTP dissector in Wireshark 0.99.3
allows remote attackers to cause a denial of service (crash) via
unspecified vectors. CVE-2006-5468
Unspecified vulnerability in the WBXML dissector in Wireshark 0.10.11
through 0.99.3 allows remote attackers to cause a denial of service
(crash) via certain vectors that trigger a null dereference.
CVE-2006-5469
Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.3
allows remote attackers to cause a denial of service (crash) via a
crafted LDAP packet. CVE-2006-5740
The wv library has an integer overflow vulnerability in the DOC
file parser. If a user can be tricked into opening a maliciously
crafted MSWord file, a remote attacker can execute arbitrary code
with the privileges of the user.
xine-lib does an improper input data boundary check on
MPEG streams. A specially crafted MPEG file can be
created that can cause arbitrary code execution when the
file is accessed.
Several format string vulnerabilities have been discovered in xine-ui,
the user interface of the xine video player, which may cause a denial
of service.
A race condition allows local users to see error messages generated during
another user's X session. This could allow potentially sensitive
information to be leaked.
Several X.org libraries and X.org itself contain system calls to
set*uid() functions, without checking their result. Local users could
deliberately exceed their assigned resource limits and elevate their
privileges after an unsuccessful set*uid() system call. This requires
resource limits to be enabled on the machine.
There is a buffer overflow in the Xrender extension of the X.Org server; any process which is able to connect to the server may be able to exploit this overflow to run arbitrary code. Since the X server runs as root on most systems, this vulnerability could be exploited to gain root access. See the X.Org advisory for more information.
iDefense reported two integer overflow
flaws in the way the X.org server processed CID font files. A malicious
authorized client could exploit this issue to cause a denial of service
(crash) or potentially execute arbitrary code with root privileges on the
X.org server.
xpdf has a number of integer overflows.
A remote attacker can trick a user into opening a maliciously
crafted pdf file, allowing the attacker to execute code with the
privileges of the local user.
This also affects the Poppler library, cupsys and tetex-bin.
