Hi, I just have found that a fix for xpdf-2.01 is available: CTAN:support/xpdf/xpdf-2.01-patch1 It is quite short, so I have added it to this mail. Thomas Index: GfxState.cc =================================================================== RCS file: /home/derekn/src/cvs/xpdf/GfxState.cc,v retrieving revision 1.52 retrieving revision 1.55 diff -c -r1.52 -r1.55 *** GfxState.cc 21 Nov 2002 18:55:57 -0000 1.52 --- GfxState.cc 16 Dec 2002 21:57:13 -0000 1.55 *************** *** 815,823 **** --- 815,833 ---- obj1.free(); if (!arr->get(2, &obj1)->isInt()) { error(-1, "Bad Indexed color space (hival)"); + delete baseA; goto err2; } indexHighA = obj1.getInt(); + if (indexHighA < 0 || indexHighA > 255) { + // the PDF spec requires indexHigh to be in [0,255] -- allowing + // values larger than 255 creates a security hole: if nComps * + // indexHigh is greater than 2^31, the loop below may overwrite + // past the end of the array + error(-1, "Bad Indexed color space (invalid indexHigh value)"); + delete baseA; + goto err2; + } obj1.free(); cs = new GfxIndexedColorSpace(baseA, indexHighA); arr->get(3, &obj1);