PDFs may pose threat to Unix, Linux

A security flaw in commonly distributed file-viewing programs may make it possible for attackers to use Adobe Systems Inc. PDF and PostScript files to run malicious code on machines using the Unix or Linux operating systems, according to an advisory released by technology security company iDefense Inc.

The open source viewing programs, named gv, kghostview and ggv, are used to view PDF and PostScript files and are commonly packaged with popular versions of the Linux operating system, including those by Red Hat Inc. and the Debian Project, as well as common flavors of Unix such as those by Sun Microsystems Inc., according to David Endler, director of technical intelligence at Chantilly, Virginia-based iDefense.

Using a flaw in the file-viewers' program code, an attacker could use a deliberately malformed PostScript or PDF file to cause a buffer overflow in the viewer that would enable code from the attacker to be run.

Once executed, the code could e-mail malicious files onto the victim's system, delete the victim's files or worse, Endler said.

And, while any malicious code would only be able to take advantage of the current user's security permissions, Endler notes that it is not uncommon for users to open and read mail while logged on using the administrative root account -- a condition that would give an attacker unlimited access to the victim's machine.

The vulnerability does not appear to be exploitable when opening PDF and PostScript files from the viewer's interface, according to Endler, so attackers would need to trick users into opening the files using text commands.

While that may seem like a tall task, associating any of the affected readers with an e-mail program may expose users to the vulnerability when opening PDF or PostScript e-mail attachments.

Gv is one of a number of programs that interact with ghostscript, common open source code that enables the contents of Adobe PDF and PostScript files to be viewed. Kghostview and ggv are variations of the gv source code. Other variations include ghostview, mgv, and gsview. It is not known whether those readers contain the buffer overflow vulnerability as well.

Compounding the vulnerability problem is the collaborative nature of software development for Unix and Linux. The gv program was originally authored by Johannes Plass from the Department of Physics at Johannes Gutenberg University in Mainz, Germany. Unfortunately, Plass could not be reached by the security experts who discovered the vulnerability and, as yet, no fix for the vulnerability has been issued, according to the advisory.

Leading Linux and Unix vendors will soon be issuing patches for the vulnerability, according to Endler, and Red Hat Inc. will have patches for the three affected readers available by next week.

In the meantime, iDefense recommends switching to a PDF and PostScript reader that is not affected by the vulnerability. If using an affected reader, iDefense recommends opening PDF and PostScript files only from the user interface, instead of from the command line.
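To find out whether a mail program hands PDF or PostScript attachments to one of the named viewers, the handler associations can be audited. The following is an added example, not part of the original article or the iDefense advisory; it assumes the associations are kept in a mailcap-format file such as ~/.mailcap or /etc/mailcap, and the sample entries and the program name "otherviewer" are constructed for illustration.

```python
import os
import re

# Viewers the article names as affected; the other ghostscript front ends
# it lists (ghostview, mgv, gsview) have unknown status.
AFFECTED = {"gv", "kghostview", "ggv"}
UNKNOWN = {"ghostview", "mgv", "gsview"}
TYPES = {"application/pdf", "application/postscript"}

def parse_mailcap(text):
    """Yield (mime_type, view_command) pairs from mailcap-format text."""
    text = re.sub(r"\\\n", "", text)  # join backslash-continued lines
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Fields are separated by ';' unless escaped as '\;'.
        fields = [f.strip() for f in re.split(r"(?<!\\);", line)]
        if len(fields) >= 2:
            yield fields[0].lower(), fields[1]

def audit(text):
    """Return (mime_type, viewer, status) for each risky PDF/PS handler."""
    findings = []
    for mime, command in parse_mailcap(text):
        if mime not in TYPES:
            continue
        # Compare the basename of every word so /usr/bin/gv also matches.
        for word in re.findall(r"[^\s'\"|;&]+", command):
            name = os.path.basename(word)
            if name in AFFECTED:
                findings.append((mime, name, "affected"))
            elif name in UNKNOWN:
                findings.append((mime, name, "unknown"))
    return findings

# Constructed sample mailcap; "otherviewer" is a hypothetical program name.
SAMPLE = """\
application/pdf; /usr/bin/X11/gv %s; test=test -n "$DISPLAY"
application/postscript; \\
    ggv '%s'
application/postscript; ghostview %s
Application/PDF; otherviewer %s
image/png; gv %s
"""

if __name__ == "__main__":
    for mime, viewer, status in audit(SAMPLE):
        print(f"{mime}: handler runs {viewer} ({status})")
```

Entries reported as "affected" are candidates for re-pointing at a different reader until patches are installed; "unknown" entries use viewers the article says have not been confirmed either way.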

Paul Roberts
