An unspecified vulnerability can be triggered by a malformed PDF
document, as demonstrated by 2008-HI2.pdf (CVE-2008-2549).
Peter Vreugdenhil, Dyon Balding, Will Dormann, Damian Frizza, and
Greg MacManus reported a stack-based buffer overflow in the
string argument (CVE-2008-2992).
Greg MacManus of iDefense Labs reported an array index error that
can be leveraged for an out-of-bounds write, related to parsing of
Type 1 fonts (CVE-2008-4812).
Javier Vicente Vallejo and Peter Vregdenhil, via Zero Day
Initiative, reported multiple unspecified memory corruption
Thomas Garnier of SkyRecon Systems reported an unspecified
Josh Bressers of Red Hat reported an untrusted search path
Peter Vreugdenhil reported through iDefense that the Download
Manager can trigger a heap corruption via calls to the AcroJS
A remote attacker could entice a user to open a specially crafted PDF
document, and local attackers could entice a user to run acroread from
an untrusted working directory. Both might result in the execution of
arbitrary code with the privileges of the user running the application,
or a Denial of Service.
There is no known workaround at this time.
All Adobe Reader users should upgrade to the latest version:
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
firstname.lastname@example.org or alternatively, you may file a bug at
Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.