
Fedora alert FEDORA-2025-e72c726192 (xpdf)

From:  updates--- via package-announce <package-announce@lists.fedoraproject.org>
To:  package-announce@lists.fedoraproject.org
Subject:  [SECURITY] Fedora 42 Update: xpdf-4.06-1.fc42
Date:  Fri, 05 Dec 2025 02:42:51 +0000
Message-ID:  <20251205024251.14FB579729@bastion01.rdu3.fedoraproject.org>

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e72c726192
2025-12-05 02:40:12.305976+00:00
--------------------------------------------------------------------------------

Name        : xpdf
Product     : Fedora 42
Version     : 4.06
Release     : 1.fc42
URL         : https://www.xpdfreader.com/
Summary     : A PDF file viewer for the X Window System
Description :
Xpdf is an X Window System based viewer for Portable Document Format
(PDF) files. Xpdf is a small and efficient program which uses
standard X fonts.

--------------------------------------------------------------------------------
Update Information:

Update to 4.06. Lots of bugfixes, but notably, security fixes for the following
CVEs:

CVE-2024-2971
CVE-2024-3247
CVE-2024-3248
CVE-2024-3900
CVE-2024-4141
CVE-2024-4568
CVE-2024-4976
CVE-2024-7866
CVE-2024-7867
CVE-2024-7868
CVE-2025-2574
CVE-2025-3154
CVE-2025-11896

--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2025 Tom Callaway <spot@fedoraproject.org> - 1:4.06-1
- update to 4.06

* Thu Jul 31 2025 Tom Callaway <spot@fedoraproject.org> - 1:4.05-8
- passing -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to fix FTBFS with CMake4 (bz2381643)

* Fri Jul 25 2025 Fedora Release Engineering <releng@fedoraproject.org> - 1:4.05-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2271913 - CVE-2024-2971 xpdf: negative object number in an indirect reference in a PDF file can cause an out-of-bounds array write [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2271913

  [ 2 ] Bug #2272853 - CVE-2024-3247 xpdf: stack-overflow in pdftotext [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2272853

  [ 3 ] Bug #2272856 - CVE-2024-3248 xpdf: stack overflow via pdftpng [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2272856

  [ 4 ] Bug #2275829 - CVE-2024-3900 xpdf: out-of-bounds array write [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2275829

  [ 5 ] Bug #2277032 - CVE-2024-4141 xpdf: Out-of-bounds array write [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2277032

  [ 6 ] Bug #2279473 - CVE-2024-4568 xpdf: loop in the PDF resources leads to infinite recursion [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2279473

  [ 7 ] Bug #2280762 - CVE-2024-4976 xpdf: Out-of-bounds array write due to missing object type check [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2280762

  [ 8 ] Bug #2305301 - CVE-2024-7868 xpdf: invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder [fedora-39]
        https://bugzilla.redhat.com/show_bug.cgi?id=2305301

  [ 9 ] Bug #2305302 - CVE-2024-7867 xpdf: integer overflow and divide-by-zero due to very large coordinates in a page box [fedora-39]
        https://bugzilla.redhat.com/show_bug.cgi?id=2305302

  [ 10 ] Bug #2305307 - CVE-2024-7866 xpdf: infinite recursion and a stack overflow due to PDF object loop in a pattern resource [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2305307

  [ 11 ] Bug #2354014 - CVE-2025-2574 xpdf: Out-of-bounds array write in Xpdf 4.05 due to incorrect integer overflow checking [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2354014

  [ 12 ] Bug #2357056 - CVE-2025-3154 xpdf: Out-of-bounds array write due to invalid VerticesPerRow in Xpdf 4.05 [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2357056

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e72c726192' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys

--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond...
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-ann...
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue



