Debian Security Advisory - Xpdf has two security problems - Tempfiles were created insecurely, and when handling URLs in documents no checking was done for shell metacharacters before starting the browser. This makes it possible to construct a document which cause xpdf to run arbitrary commands when the user views an URL. Both problems have been fixed in version 0.90-7, and we recommend you upgrade your xpdf package immediately.
e56990f7174ae5f59fb7c1fa5969013a7c59b4c17eb4b2d38c8deea23a6726b8