We.Love.Privacy.Club lwn-net@feeds.twtxt.net "Vulnerabilities in various GTK-based PDF readers Michael Catanzaro has disclosed a\ command-injection vulnerability affecting a number of GTK- ..."

feeds.twtxt.net

Vulnerabilities in various GTK-based PDF readers
Michael Catanzaro has disclosed a\ command-injection vulnerability affecting a number of GTK-based PDF
readers; exploits included:

They contain a script for building malicious polyglot PDFs that are
simultaneously both valid PDF files and also valid ELF
binaries. When the user opens the PDF in the PDF viewer and clicks
on a malicious link embedded in the PDF, the PDF abuses the command
inject … ⌘ Read more

⤋ Read More