PDFs may pose threat to Unix, Linux

A security flaw in commonly distributed file-viewing programs may make it possible for attackers to use Adobe Systems Inc. PDF and PostScript files to run malicious code on machines using the Unix or Linux operating systems, according to an advisory released by technology security company iDefense Inc.

The open source viewing programs, named gv, kghostview and ggv, are used to view PDF and PostScript files and are commonly packaged with popular Linux distributions, including those from Red Hat Inc. and the Debian Project, as well as with common flavors of Unix such as those from Sun Microsystems Inc., according to David Endler, director of technical intelligence at Chantilly, Virginia-based iDefense.

By exploiting a flaw in the file viewers' program code, an attacker could craft a deliberately malformed PostScript or PDF file that causes a buffer overflow in the viewer, allowing code supplied by the attacker to be run.

Once executed, the code could e-mail malicious files onto the victim's system, delete the victim's files or worse, Endler said.

And, while any malicious code would only be able to take advantage of the current user's security permissions, Endler notes that it is not uncommon for users to open and read mail while logged on using the administrative root account -- a condition that would give an attacker unlimited access to the victim's machine.

The vulnerability does not appear to be exploitable when PDF and PostScript files are opened from the viewer's graphical interface, according to Endler, so attackers would need to trick users into opening the files from the command line.

While that may seem like a tall task, associating any of the affected readers with an e-mail program can expose users to the vulnerability when they open PDF or PostScript e-mail attachments, because the mail client launches the viewer with the attachment as a command-line argument.

Gv is one of a number of programs that interact with ghostscript, the widely used open source interpreter that renders the contents of Adobe PDF and PostScript files for viewing. Kghostview and ggv are derived from the gv source code. Other variations include ghostview, mgv, and gsview. It is not known whether those readers contain the buffer overflow vulnerability as well.

Compounding the vulnerability problem is the collaborative nature of software development for Unix and Linux. The gv program was originally authored by Johannes Plass from the Department of Physics at Johannes Gutenberg University in Mainz, Germany. Unfortunately, Plass could not be reached by the security experts who discovered the vulnerability and, as yet, no fix for the vulnerability has been issued, according to the advisory.

Leading Linux and Unix vendors will soon be issuing patches for the vulnerability, according to Endler, who said Red Hat Inc. will have patches for the three affected readers available by next week.

In the meantime, iDefense recommends switching to a PDF and PostScript reader that is not affected by the vulnerability. If using an affected reader, iDefense recommends opening PDF and PostScript files only from the user interface, instead of from the command line.

Paul Roberts
