Gentoo Linux Security Advisory GLSA 200711-22 – Alin Rad Pop (Secunia Research) discovered several vulnerabilities in the Stream.cc file of Xpdf: an integer overflow in the DCTStream::reset() method and a boundary error in the CCITTFaxStream::lookChar() method, both leading to heap-based buffer overflows. He also discovered a boundary checking error in the DCTStream::readProgressiveDataUnit() method causing memory corruption. Note: Gentoo’s version of Xpdf is patched to use the Poppler library, so the update to Poppler will also fix Xpdf. Versions earlier than 0.6.1-r1 are affected.
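To triage an inventory against the threshold stated above, the following added example (not part of the advisory or of Gentoo's tooling) compares installed version strings with 0.6.1-r1. It assumes the threshold refers to the Poppler package, as the summary implies, and handles only a simplified subset of Gentoo version syntax; the host names and versions are constructed.

```python
import re

# First fixed version, taken from the advisory summary above.
FIXED_VERSION = "0.6.1-r1"

# Simplified subset of Gentoo version syntax: dotted numbers plus optional -rN.
# Components are compared as integers (Gentoo's leading-zero rule is not modelled).
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse_version(version):
    """Return ((numeric components...), revision) for a version string.

    Versions using letters or suffixes such as _pre or _p are rejected
    rather than guessed at, so a caller never gets a silent wrong answer.
    """
    match = _VERSION_RE.match(version.strip())
    if match is None:
        raise ValueError(f"unsupported version syntax: {version!r}")
    components = tuple(int(part) for part in match.group(1).split("."))
    revision = int(match.group(2) or 0)  # no -rN suffix means revision 0
    return components, revision


def is_affected(installed, fixed=FIXED_VERSION):
    """True when `installed` sorts before the first fixed version."""
    return parse_version(installed) < parse_version(fixed)


def triage(inventory):
    """Map host -> 'affected' / 'fixed' / 'unknown' for an inventory dict."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "fixed"
        except ValueError:
            result[host] = "unknown"  # unsupported syntax, needs manual review
    return result


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts and versions).
    sample = {"build01": "0.5.4", "desk02": "0.6.1", "desk03": "0.6.1-r1",
              "srv04": "0.6.2", "lab05": "0.6_pre1"}
    for host, state in triage(sample).items():
        print(f"{host}: {state}")
```

Note that 0.6.1 without a revision suffix sorts before 0.6.1-r1 and is therefore reported as affected.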
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/61139/glsa-200711-22.txt
Source: https://packetstormsecurity.com/files/61139/Gentoo-Linux-Security-Advisory-200711-22.html