| AT2k Design BBS's VADV-PHP Home |
|
|
AT2k Design BBS Message Area
Casually read the BBS message area using an easy to use interface. Messages are categorized exactly like they are on the BBS. You may post new messages or reply to existing messages! You are not logged in. Login here for full access privileges. |
| Previous Message | Next Message | Back to Computer Support/Help/Discussion... <-- <--- | Return to Home Page |
|
||||||
| From | To | Subject | Date/Time | |||
|
LWN.net | All | Vulnerabilities in various GTK-based PDF readers |
May 22, 2026 6:45 AM * |
||
Michael Catanzaro has disclosed a command-injection vulnerability affecting a number of GTK-based PDF readers; exploits included: They contain a script for building malicious polyglot PDFs that are simultaneously both valid PDF files and also valid ELF binaries. When the user opens the PDF in the PDF viewer and clicks on a malicious link embedded in the PDF, the PDF abuses the command injection vulnerability to load itself as a GTK module using the `--gtk-module` command line flag. It can then execute arbitrary code via its library constructor. That flag was removed in GTK 4, which is why the vulnerability is much less serious for Papers than it is for Evince, Atril, and Xreader. https://lwn.net/Articles/1073944/ --- SBBSecho 3.37-Linux * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (618:250/24) |
||||||
|
||||||
Computer Support/Help/Discussion... 
| Previous Message | Next Message | Back to Computer Support/Help/Discussion... <-- <--- | Return to Home Page |
Execution Time: 0.0132 seconds If you experience any problems with this website or need help, contact the webmaster. VADV-PHP Copyright © 2002-2026 Steve Winn, Aspect Technologies. All Rights Reserved. Virtual Advanced Copyright © 1995-1997 Roland De Graaf. |