ID CVE-2007-4352
Summary Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.
References
Vulnerable Configurations
  • cpe:2.3:a:xpdf:xpdf:3.0.1_pl1
    cpe:2.3:a:xpdf:xpdf:3.0.1_pl1
CVSS
Base: 7.6 (as of 08-11-2007 - 21:47)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2007-316-01.NASL
    description New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current. New poppler packages are available for Slackware 12.0 and -current. New koffice packages are available for Slackware 11.0, 12.0, and -current. New kdegraphics packages are available for Slackware 10.2, 11.0, 12.0, and -current. These updated packages address similar bugs which could be used to crash applications linked with poppler or that use code from xpdf through the use of a malformed PDF document. It is possible that a maliciously crafted document could cause code to be executed in the context of the user running the application processing the PDF. These advisories and CVE entries cover the bugs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393 http://www.kde.org/info/security/advisory-20071107-1.txt
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 28149
    published 2007-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28149
    title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 9.1 / current : xpdf/poppler/koffice/kdegraphics (SSA:2007-316-01)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071107_CUPS_ON_SL4_X.NASL
    description Problem description : Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60286
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60286
    title Scientific Linux Security Update : cups on SL4.x i386/x86_64
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-230.NASL
    description A flaw in the t1lib library where an attacker could create a malicious file that would cause tetex to crash or possibly execute arbitrary code when opened (CVE-2007-4033). Alin Rad Pop found several flaws in how PDF files are handled in tetex. An attacker could create a malicious PDF file that would cause tetex to crash or potentially execute arbitrary code when opened (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393). A stack-based buffer overflow in dvips in tetex allows for user-assisted attackers to execute arbitrary code via a DVI file with a long href tag (CVE-2007-5935). A vulnerability in dvips in tetex allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place (CVE-2007-5936). Multiple buffer overflows in dviljk in tetext may allow users-assisted attackers to execute arbitrary code via a crafted DVI input file (CVE-2007-5937). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 28324
    published 2007-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28324
    title Mandrake Linux Security Advisory : tetex (MDKSA-2007:230)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-3390.NASL
    description - fix t1lib flaw CVE-2007-4033 (#352271) - fix CVE-2007-4352 CVE-2007-5392 CVE-2007-5393, various xpdf flaws (#345121) - xdvi won't segfault if DVI file contains character which is not present in font (#243630) - fix dvips -z buffer overflow with long href CVE-2007-5935 (#368591) - fix insecure usage of temporary file in dviljk CVE-2007-5936 CVE-2007-5937 (#368611, #368641) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 28307
    published 2007-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28307
    title Fedora 7 : tetex-3.0-40.3.fc7 (2007-3390)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-1022.NASL
    description Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 36860
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36860
    title RHEL 4 : cups (RHSA-2007:1022)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-3100.NASL
    description This update fixes several PDF handling security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28162
    published 2007-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28162
    title Fedora 7 : cups-1.2.12-7.fc7 (2007-3100)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-2982.NASL
    description This update fixes a remote code execution vulnerability in the IPP handling part of the CUPS scheduler, as well as several PDF handling security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 27822
    published 2007-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27822
    title Fedora 8 : cups-1.3.4-2.fc8 (2007-2982)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-1022.NASL
    description From Red Hat Security Advisory 2007:1022 : Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67599
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67599
    title Oracle Linux 4 : cups (ELSA-2007-1022)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-1022.NASL
    description Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 37428
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37428
    title CentOS 4 : cups (CESA-2007:1022)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-160.NASL
    description Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause pdftohtml to crash and possibly execute arbitrary code open a user opening the file. This update provides packages which are patched to prevent these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25892
    published 2007-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25892
    title Mandrake Linux Security Advisory : pdftohtml (MDKSA-2007:160)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071108_TETEX_ON_SL5_X.NASL
    description Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause TeTeX to crash or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) A flaw was found in the t1lib library, used in the handling of Type 1 fonts. An attacker could create a malicious file that would cause TeTeX to crash, or potentially execute arbitrary code when opened. (CVE-2007-4033)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60294
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60294
    title Scientific Linux Security Update : tetex on SL5.x, SL4.x, SL3.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-1030.NASL
    description Updated xpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) A flaw was found in the t1lib library, used in the handling of Type 1 fonts. An attacker could create a malicious file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4033) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 27839
    published 2007-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27839
    title RHEL 3 : xpdf (RHSA-2007:1030)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-1030.NASL
    description Updated xpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) A flaw was found in the t1lib library, used in the handling of Type 1 fonts. An attacker could create a malicious file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4033) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 37859
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37859
    title CentOS 3 : xpdf (CESA-2007:1030)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-1030.NASL
    description From Red Hat Security Advisory 2007:1030 : Updated xpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) A flaw was found in the t1lib library, used in the handling of Type 1 fonts. An attacker could create a malicious file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4033) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67607
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67607
    title Oracle Linux 3 : xpdf (ELSA-2007-1030)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-1027.NASL
    description Updated tetex packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (dvi) file as output. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause TeTeX to crash or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) A flaw was found in the t1lib library, used in the handling of Type 1 fonts. An attacker could create a malicious file that would cause TeTeX to crash, or potentially execute arbitrary code when opened. (CVE-2007-4033) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 27852
    published 2007-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27852
    title RHEL 4 / 5 : tetex (RHSA-2007:1027)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-227.NASL
    description Alin Rad Pop found several flaws in how PDF files are handled in poppler. An attacker could create a malicious PDF file that would cause poppler to crash or potentially execute arbitrary code when opened. The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 37783
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37783
    title Mandrake Linux Security Advisory : poppler (MDKSA-2007:227)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-1026.NASL
    description Updated poppler packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Poppler is a PDF rendering library, used by applications such as evince. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause an application linked with poppler to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 27837
    published 2007-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27837
    title RHEL 5 : poppler (RHSA-2007:1026)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071107_CUPS_ON_SL5_X.NASL
    description Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60287
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60287
    title Scientific Linux Security Update : cups on SL5.x, SL4.x, SL3.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-1029.NASL
    description Updated xpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 38001
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38001
    title CentOS 4 : xpdf (CESA-2007:1029)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GPDF-4651.NASL
    description A buffer overflow in the xpdf code contained in gpdf could be exploited by attackers to potentially execute arbitrary code (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 28170
    published 2007-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28170
    title openSUSE 10 Security Update : gpdf (gpdf-4651)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-542-2.NASL
    description USN-542-1 fixed a vulnerability in poppler. This update provides the corresponding updates for KWord, part of KOffice. Secunia Research discovered several vulnerabilities in poppler. If a user were tricked into loading a specially crafted PDF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges in applications linked against poppler. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28249
    published 2007-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28249
    title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : koffice vulnerabilities (USN-542-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_PDFTOHTML-4642.NASL
    description A buffer overflow in the xpdf code contained in pdftohtml could be exploited by attackers to potentially execute arbitrary code (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 28177
    published 2007-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28177
    title openSUSE 10 Security Update : pdftohtml (pdftohtml-4642)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_XPDF-4644.NASL
    description A buffer overflow in xpdf could be exploited by attackers to potentially execute arbitrary code. (CVE-2007-4352 / CVE-2007-5392 / CVE-2007-5393)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29609
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29609
    title SuSE 10 Security Update : xpdf (ZYPP Patch Number 4644)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-1026.NASL
    description From Red Hat Security Advisory 2007:1026 : Updated poppler packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Poppler is a PDF rendering library, used by applications such as evince. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause an application linked with poppler to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67603
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67603
    title Oracle Linux 5 : poppler (ELSA-2007-1026)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KDEGRAPHICS3-PDF-4682.NASL
    description A buffer overflow in the xpdf code contained in kpdf could be exploited by attackers to potentially execute arbitrary code. (CVE-2007-4352 / CVE-2007-5392 / CVE-2007-5393)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29481
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29481
    title SuSE 10 Security Update : kdegraphics3-pdf (ZYPP Patch Number 4682)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-3059.NASL
    description This update includes fixes to pdf import filters that can cause crashes possibly execute arbitrary code. See http://www.kde.org/info/security/advisory-20071107-1.txt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 28159
    published 2007-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28159
    title Fedora 7 : koffice-1.6.3-13.fc7 (2007-3059)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-1027.NASL
    description Updated tetex packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (dvi) file as output. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause TeTeX to crash or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) A flaw was found in the t1lib library, used in the handling of Type 1 fonts. An attacker could create a malicious file that would cause TeTeX to crash, or potentially execute arbitrary code when opened. (CVE-2007-4033) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 36664
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36664
    title CentOS 4 : tetex (CESA-2007:1027)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-1027.NASL
    description From Red Hat Security Advisory 2007:1027 : Updated tetex packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (dvi) file as output. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause TeTeX to crash or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) A flaw was found in the t1lib library, used in the handling of Type 1 fonts. An attacker could create a malicious file that would cause TeTeX to crash, or potentially execute arbitrary code when opened. (CVE-2007-4033) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67604
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67604
    title Oracle Linux 4 : tetex (ELSA-2007-1027)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-542-1.NASL
    description Secunia Research discovered several vulnerabilities in poppler. If a user were tricked into loading a specially crafted PDF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges in applications linked against poppler. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28210
    published 2007-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28210
    title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : poppler vulnerabilities (USN-542-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-1029.NASL
    description Updated xpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 36380
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36380
    title RHEL 4 : xpdf (RHSA-2007:1029)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-219.NASL
    description Alin Rad Pop found several flaws in how PDF files are handled in xpdf. An attacker could create a malicious PDF file that would cause xpdf to crash or potentially execute arbitrary code when opened. The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 37167
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37167
    title Mandrake Linux Security Advisory : xpdf (MDKSA-2007:219)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-1024.NASL
    description Updated kdegraphics packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment. This includes kpdf, a PDF file viewer. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) All kdegraphics users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 37318
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37318
    title CentOS 4 : kdegraphics (CESA-2007:1024)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-1025.NASL
    description Updated gpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. gpdf is a GNOME-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause gpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 36452
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36452
    title CentOS 4 : gpdf (CESA-2007:1025)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200711-22.NASL
    description The remote host is affected by the vulnerability described in GLSA-200711-22 (Poppler, KDE: User-assisted execution of arbitrary code) Alin Rad Pop (Secunia Research) discovered several vulnerabilities in the 'Stream.cc' file of Xpdf: An integer overflow in the DCTStream::reset() method and a boundary error in the CCITTFaxStream::lookChar() method, both leading to heap-based buffer overflows (CVE-2007-5392, CVE-2007-5393). He also discovered a boundary checking error in the DCTStream::readProgressiveDataUnit() method causing memory corruption (CVE-2007-4352). Note: Gentoo's version of Xpdf is patched to use the Poppler library, so the update to Poppler will also fix Xpdf. Impact : By enticing a user to view or process a specially crafted PDF file with KWord or KPDF or a Poppler-based program such as Gentoo's viewers Xpdf, ePDFView, and Evince or the CUPS printing system, a remote attacker could cause an overflow, potentially resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 28261
    published 2007-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28261
    title GLSA-200711-22 : Poppler, KDE: User-assisted execution of arbitrary code
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-1029.NASL
    description From Red Hat Security Advisory 2007:1029 : Updated xpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67606
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67606
    title Oracle Linux 4 : xpdf (ELSA-2007-1029)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-222.NASL
    description Alin Rad Pop found several flaws in how PDF files are handled in koffice. An attacker could create a malicious PDF file that would cause koffice to crash or potentially execute arbitrary code when opened. The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 37295
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37295
    title Mandrake Linux Security Advisory : koffice (MDKSA-2007:222)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071107_XPDF_ON_SL4_X.NASL
    description Problem description : Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60292
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60292
    title Scientific Linux Security Update : xpdf on SL4.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-3031.NASL
    description Resolves: xpdf memory corruption in DCTStream::readProgressiveDataUnit() xpdf buffer overflow in DCTStream::reset() xpdf buffer overflow in CCITTFaxStream::lookChar() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 28158
    published 2007-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28158
    title Fedora 7 : xpdf-3.02-4.fc7 (2007-3031)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071107_GPDF_ON_SL4_X.NASL
    description Problem description : Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause gpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60288
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60288
    title Scientific Linux Security Update : gpdf on SL4.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CUPS-4667.NASL
    description A buffer overflow in the xpdf code contained in cups could be exploited by attackers to potentially execute arbitrary code. (CVE-2007-4352 / CVE-2007-5392 / CVE-2007-5393)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29413
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29413
    title SuSE 10 Security Update : Cups (ZYPP Patch Number 4667)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071112_KDEGRAPHICS_ON_SL5_X.NASL
    description Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60300
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60300
    title Scientific Linux Security Update : kdegraphics on SL5.x, SL4.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBEXTRACTOR-4646.NASL
    description A buffer overflow in the xpdf code contained in libextractor could be exploited by attackers to potentially execute arbitrary code (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 28174
    published 2007-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28174
    title openSUSE 10 Security Update : libextractor (libextractor-4646)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1480.NASL
    description Alin Rad Pop discovered several buffer overflows in the Poppler PDF library, which could allow the execution of arbitrary code if a malformed PDF file is opened.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 30188
    published 2008-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=30188
    title Debian DSA-1480-1 : poppler - several vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-3093.NASL
    description This update includes fixes to pdf import filters that can cause crashes possibly execute arbitrary code. See http://www.kde.org/info/security/advisory-20071107-1.txt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 28161
    published 2007-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28161
    title Fedora 8 : koffice-1.6.3-13.fc8 (2007-3093)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_XPDF-4643.NASL
    description A buffer overflow in xpdf could be exploited by attackers to potentially execute arbitrary code (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 28179
    published 2007-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28179
    title openSUSE 10 Security Update : xpdf (xpdf-4643)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_POPPLER-4638.NASL
    description A buffer overflow in the xpdf code contained in poppler could be exploited by attackers to potentially execute arbitrary code (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 28178
    published 2007-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28178
    title openSUSE 10 Security Update : poppler (poppler-4638)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KOFFICE-4649.NASL
    description A buffer overflow in the xpdf code contained in koffice could be exploited by attackers to potentially execute arbitrary code (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 28173
    published 2007-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28173
    title openSUSE 10 Security Update : koffice (koffice-4649)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-3014.NASL
    description Resolves: xpdf memory corruption in DCTStream::readProgressiveDataUnit() xpdf buffer overflow in DCTStream::reset() xpdf buffer overflow in CCITTFaxStream::lookChar() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 28157
    published 2007-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28157
    title Fedora 8 : xpdf-3.02-4.fc8 (2007-3014)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-228.NASL
    description Alin Rad Pop found several flaws in how PDF files are handled in cups. An attacker could create a malicious PDF file that would cause cups to crash or potentially execute arbitrary code when opened. The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 28276
    published 2007-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28276
    title Mandrake Linux Security Advisory : cups (MDKSA-2007:228)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11965.NASL
    description A number of vulnerabilities have been found in the xpdf code used by cups which could be exploited, potentially remotely, by tricking the user to print a specially crafted PDF file. The vulnerabilities are in the source code file Stream.cc and may allow execution of arbitrary code with the privileges of the user viewing the PDF. Specifically, these are an array indexing error leading to memory corruption (CVE-2007-4352), a possible integer overflow causing to a buffer overflow (CVE-2007-5392) and a boundary check error that can also cause a buffer overflow. (CVE-2007-5393)
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 41166
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41166
    title SuSE9 Security Update : Cups (YOU Patch Number 11965)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-1024.NASL
    description Updated kdegraphics packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment. This includes kpdf, a PDF file viewer. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) All kdegraphics users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 28168
    published 2007-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28168
    title RHEL 4 : kdegraphics (RHSA-2007:1024)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-3001.NASL
    description This update addresses a security issue in kpdf, that can cause crashes or possibly execute arbitrary code, see http://www.kde.org/info/security/advisory-20071107-1.txt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-20
    plugin id 28155
    published 2007-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28155
    title Fedora 8 : kdegraphics-3.5.8-7.fc8 (2007-3001)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1537.NASL
    description Alin Rad Pop (Secunia) discovered a number of vulnerabilities in xpdf, a set of tools for display and conversion of Portable Document Format (PDF) files. The Common Vulnerabilities and Exposures project identifies the following three problems : - CVE-2007-4352 Inadequate DCT stream validation allows an attacker to corrupt memory and potentially execute arbitrary code by supplying a maliciously crafted PDF file. - CVE-2007-5392 An integer overflow vulnerability in DCT stream handling could allow an attacker to overflow a heap buffer, enabling the execution of arbitrary code. - CVE-2007-5393 A buffer overflow vulnerability in xpdf's CCITT image compression handlers allows overflow on the heap, allowing an attacker to execute arbitrary code by supplying a maliciously crafted CCITTFaxDecode filter.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 31807
    published 2008-04-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31807
    title Debian DSA-1537-1 : xpdf - several vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_2747FC39915B11DC9239001C2514716C.NASL
    description Secunia Research reports : Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system. - An array indexing error within the 'DCTStream::readProgressiveDataUnit()' method in xpdf/Stream.cc can be exploited to corrupt memory via a specially crafted PDF file. - An integer overflow error within the 'DCTStream::reset()' method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file. - A boundary error within the 'CCITTFaxStream::lookChar()' method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow by tricking a user into opening a PDF file containing a specially crafted 'CCITTFaxDecode' filter. Successful exploitation may allow execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 28193
    published 2007-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28193
    title FreeBSD : xpdf -- multiple remote Stream.CC vulnerabilities (2747fc39-915b-11dc-9239-001c2514716c)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1509.NASL
    description Several vulnerabilities have been discovered in xpdf code that is embedded in koffice, an integrated office suite for KDE. These flaws could allow an attacker to execute arbitrary code by inducing the user to import a specially crafted PDF document. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-4352 Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file. - CVE-2007-5392 Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow. - CVE-2007-5393 Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter. Updates for the old stable distribution (sarge) will be made available as soon as possible.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 31170
    published 2008-02-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31170
    title Debian DSA-1509-1 : koffice - multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CUPS-4668.NASL
    description A buffer overflow in the xpdf code contained in cups could be exploited by attackers to potentially execute arbitrary code (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 28203
    published 2007-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28203
    title openSUSE 10 Security Update : cups (cups-4668)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-223.NASL
    description Alin Rad Pop found several flaws in how PDF files are handled in pdftohtml. An attacker could create a malicious PDF file that would cause pdftohtml to crash or potentially execute arbitrary code when opened. The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 28273
    published 2007-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28273
    title Mandrake Linux Security Advisory : pdftohtml (MDKSA-2007:223)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-221.NASL
    description Alin Rad Pop found several flaws in how PDF files are handled in kpdf. An attacker could create a malicious PDF file that would cause kpdf to crash or potentially execute arbitrary code when opened. The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 37122
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37122
    title Mandrake Linux Security Advisory : kdegraphics (MDKSA-2007:221)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_POPPLER-4630.NASL
    description A buffer overflow in the xpdf code contained in poppler could be exploited by attackers to potentially execute arbitrary code. (CVE-2007-4352 / CVE-2007-5392 / CVE-2007-5393)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29555
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29555
    title SuSE 10 Security Update : poppler (ZYPP Patch Number 4630)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-750.NASL
    description - fix dvips -z buffer overflow with long href (#368591) - fix insecure usage of temporary file in dviljk (#368611, #368641) - update License and BuildRoot tags - fix t1lib flaw CVE-2007-4033 (#352271) - fix CVE-2007-4352 CVE-2007-5392 CVE-2007-5393, various xpdf flaws (#345121) - xdvi won't segfault if DVI file contains character which is not present in font (#243630) - enable compilation with ccache Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 28314
    published 2007-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28314
    title Fedora Core 6 : tetex-3.0-36.fc6 (2007-750)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-1025.NASL
    description From Red Hat Security Advisory 2007:1025 : Updated gpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. gpdf is a GNOME-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause gpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67602
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67602
    title Oracle Linux 4 : gpdf (ELSA-2007-1025)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071107_POPPLER_ON_SL5_X.NASL
    description Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause an application linked with poppler to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60290
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60290
    title Scientific Linux Security Update : poppler on SL5.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-2985.NASL
    description This is an update to the latest kde-3.5.8 release. For more details, see http://kde.org/announcements/announce-3.5.8.php This also addresses a security issue in kpdf, that can cause crashes or possibly execute arbitrary code, see http://www.kde.org/info/security/advisory-20071107-1.txt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-24
    plugin id 28186
    published 2007-11-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28186
    title Fedora 7 : arts-1.5.8-4.fc7 / kde-i18n-3.5.8-1.fc7 / kdeaccessibility-3.5.8-2.fc7 / etc (2007-2985)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-1024.NASL
    description From Red Hat Security Advisory 2007:1024 : Updated kdegraphics packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment. This includes kpdf, a PDF file viewer. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) All kdegraphics users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67601
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67601
    title Oracle Linux 4 : kdegraphics (ELSA-2007-1024)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-1025.NASL
    description Updated gpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. gpdf is a GNOME-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause gpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 37484
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37484
    title RHEL 4 : gpdf (RHSA-2007:1025)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-1021.NASL
    description Updated CUPS packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 27835
    published 2007-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27835
    title RHEL 5 : cups (RHSA-2007:1021)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-4031.NASL
    description This package contains the latest stable upstream release of poppler. New upstream version incorporate fixes for following security issues affecting xpdf code included in poppler: CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 It also includes more headers in the -devel subpackage and fixes a problem in the -qt3 subpackage. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 29265
    published 2007-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29265
    title Fedora 8 : poppler-0.6.2-1.fc8 (2007-4031)
oval via4
accepted 2013-04-29T04:23:50.604-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.
family unix
id oval:org.mitre.oval:def:9979
status accepted
submitted 2010-07-09T03:56:16-04:00
title Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.
version 24
redhat via4
advisories
  • rhsa
    id RHSA-2007:1021
  • rhsa
    id RHSA-2007:1022
  • rhsa
    id RHSA-2007:1024
  • rhsa
    id RHSA-2007:1025
  • rhsa
    id RHSA-2007:1026
  • rhsa
    id RHSA-2007:1027
  • rhsa
    id RHSA-2007:1029
  • rhsa
    id RHSA-2007:1030
rpms
  • cups-1:1.2.4-11.14.el5_1.3
  • cups-devel-1:1.2.4-11.14.el5_1.3
  • cups-libs-1:1.2.4-11.14.el5_1.3
  • cups-lpd-1:1.2.4-11.14.el5_1.3
  • cups-1:1.1.22-0.rc1.9.20.2.el4_5.2
  • cups-devel-1:1.1.22-0.rc1.9.20.2.el4_5.2
  • cups-libs-1:1.1.22-0.rc1.9.20.2.el4_5.2
  • kdegraphics-7:3.3.1-6.el4_5
  • kdegraphics-devel-7:3.3.1-6.el4_5
  • gpdf-0:2.8.2-7.7.1
  • poppler-0:0.5.4-4.3.el5_1
  • poppler-devel-0:0.5.4-4.3.el5_1
  • poppler-utils-0:0.5.4-4.3.el5_1
  • tetex-0:2.0.2-22.0.1.EL4.10
  • tetex-afm-0:2.0.2-22.0.1.EL4.10
  • tetex-doc-0:2.0.2-22.0.1.EL4.10
  • tetex-dvips-0:2.0.2-22.0.1.EL4.10
  • tetex-fonts-0:2.0.2-22.0.1.EL4.10
  • tetex-latex-0:2.0.2-22.0.1.EL4.10
  • tetex-xdvi-0:2.0.2-22.0.1.EL4.10
  • tetex-0:3.0-33.2.el5_1.2
  • tetex-afm-0:3.0-33.2.el5_1.2
  • tetex-doc-0:3.0-33.2.el5_1.2
  • tetex-dvips-0:3.0-33.2.el5_1.2
  • tetex-fonts-0:3.0-33.2.el5_1.2
  • tetex-latex-0:3.0-33.2.el5_1.2
  • tetex-xdvi-0:3.0-33.2.el5_1.2
  • xpdf-1:3.00-14.el4
  • xpdf-1:2.02-11.el3
refmap via4
bid 26367
bugtraq 20071107 Secunia Research: Xpdf "Stream.cc" Multiple Vulnerabilities
confirm
debian
  • DSA-1480
  • DSA-1509
  • DSA-1537
fedora
  • FEDORA-2007-3031
  • FEDORA-2007-3059
  • FEDORA-2007-3100
  • FEDORA-2007-3390
  • FEDORA-2007-4031
  • FEDORA-2007-750
gentoo
  • GLSA-200711-22
  • GLSA-200711-34
  • GLSA-200805-13
mandriva
  • MDKSA-2007:219
  • MDKSA-2007:220
  • MDKSA-2007:221
  • MDKSA-2007:222
  • MDKSA-2007:223
  • MDKSA-2007:227
  • MDKSA-2007:228
  • MDKSA-2007:230
misc http://secunia.com/secunia_research/2007-88/advisory/
sectrack 1018905
secunia
  • 26503
  • 27260
  • 27553
  • 27573
  • 27574
  • 27575
  • 27577
  • 27578
  • 27599
  • 27615
  • 27618
  • 27619
  • 27632
  • 27634
  • 27636
  • 27637
  • 27640
  • 27641
  • 27642
  • 27645
  • 27656
  • 27658
  • 27705
  • 27721
  • 27724
  • 27743
  • 27856
  • 28043
  • 28812
  • 29104
  • 29604
  • 30168
slackware SSA:2007-316-01
suse SUSE-SA:2007:060
ubuntu
  • USN-542-1
  • USN-542-2
vupen
  • ADV-2007-3774
  • ADV-2007-3775
  • ADV-2007-3776
  • ADV-2007-3779
  • ADV-2007-3786
xf xpdf-dctstreamread-memory-corruption(38306)
Last major update 07-03-2011 - 21:58
Published 07-11-2007 - 21:46
Last modified 28-09-2017 - 21:29
Back to Top