CVE-2007-4352

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-4352
Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.

7.6 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 4.9 / Impact : 10.0

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://secunia.com/advisories/26503
http://secunia.com/advisories/27260 Patch Vendor Advisory
http://secunia.com/advisories/27553
http://secunia.com/advisories/27573
http://secunia.com/advisories/27574
http://secunia.com/advisories/27575
http://secunia.com/advisories/27577
http://secunia.com/advisories/27578
http://secunia.com/advisories/27599
http://secunia.com/advisories/27615
http://secunia.com/advisories/27618
http://secunia.com/advisories/27619
http://secunia.com/advisories/27632
http://secunia.com/advisories/27634
http://secunia.com/advisories/27636
http://secunia.com/advisories/27637
http://secunia.com/advisories/27640
http://secunia.com/advisories/27641
http://secunia.com/advisories/27642
http://secunia.com/advisories/27645
http://secunia.com/advisories/27656
http://secunia.com/advisories/27658
http://secunia.com/advisories/27705
http://secunia.com/advisories/27721
http://secunia.com/advisories/27724
http://secunia.com/advisories/27743
http://secunia.com/advisories/27856
http://secunia.com/advisories/28043
http://secunia.com/advisories/28812
http://secunia.com/advisories/29104
http://secunia.com/advisories/29604
http://secunia.com/advisories/30168
http://secunia.com/secunia_research/2007-88/advisory/ Vendor Advisory
http://security.gentoo.org/glsa/glsa-200711-22.xml
http://security.gentoo.org/glsa/glsa-200711-34.xml
http://security.gentoo.org/glsa/glsa-200805-13.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882
http://support.novell.com/techcenter/psdb/1d5fd29802b2ef7e342e733731f1e933.html
http://support.novell.com/techcenter/psdb/3867a5092daac43cd6a92e6107d9fbce.html
http://support.novell.com/techcenter/psdb/43ad7b3569dba59e7ba07677edc01cad.html
http://support.novell.com/techcenter/psdb/da3498f05433976cc548cc4eaf8349c8.html
http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.html
http://www.debian.org/security/2008/dsa-1480
http://www.debian.org/security/2008/dsa-1509
http://www.debian.org/security/2008/dsa-1537
http://www.kde.org/info/security/advisory-20071107-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:219
http://www.mandriva.com/security/advisories?name=MDKSA-2007:220
http://www.mandriva.com/security/advisories?name=MDKSA-2007:221
http://www.mandriva.com/security/advisories?name=MDKSA-2007:222
http://www.mandriva.com/security/advisories?name=MDKSA-2007:223
http://www.mandriva.com/security/advisories?name=MDKSA-2007:227
http://www.mandriva.com/security/advisories?name=MDKSA-2007:228
http://www.mandriva.com/security/advisories?name=MDKSA-2007:230
http://www.novell.com/linux/security/advisories/2007_60_pdf.html
http://www.redhat.com/support/errata/RHSA-2007-1021.html
http://www.redhat.com/support/errata/RHSA-2007-1022.html
http://www.redhat.com/support/errata/RHSA-2007-1024.html
http://www.redhat.com/support/errata/RHSA-2007-1025.html
http://www.redhat.com/support/errata/RHSA-2007-1026.html
http://www.redhat.com/support/errata/RHSA-2007-1027.html
http://www.redhat.com/support/errata/RHSA-2007-1029.html
http://www.redhat.com/support/errata/RHSA-2007-1030.html
http://www.securityfocus.com/archive/1/483372
http://www.securityfocus.com/bid/26367
http://www.securitytracker.com/id?1018905
http://www.ubuntu.com/usn/usn-542-1
http://www.ubuntu.com/usn/usn-542-2
http://www.vupen.com/english/advisories/2007/3774
http://www.vupen.com/english/advisories/2007/3775
http://www.vupen.com/english/advisories/2007/3776
http://www.vupen.com/english/advisories/2007/3779
http://www.vupen.com/english/advisories/2007/3786
https://exchange.xforce.ibmcloud.com/vulnerabilities/38306
https://issues.rpath.com/browse/RPL-1926
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9979
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00369.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00215.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00224.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00238.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html
http://secunia.com/advisories/26503
http://secunia.com/advisories/27260 Patch Vendor Advisory
http://secunia.com/advisories/27553
http://secunia.com/advisories/27573
http://secunia.com/advisories/27574
http://secunia.com/advisories/27575
http://secunia.com/advisories/27577
http://secunia.com/advisories/27578
http://secunia.com/advisories/27599
http://secunia.com/advisories/27615
http://secunia.com/advisories/27618
http://secunia.com/advisories/27619
http://secunia.com/advisories/27632
http://secunia.com/advisories/27634
http://secunia.com/advisories/27636
http://secunia.com/advisories/27637
http://secunia.com/advisories/27640
http://secunia.com/advisories/27641
http://secunia.com/advisories/27642
http://secunia.com/advisories/27645
http://secunia.com/advisories/27656
http://secunia.com/advisories/27658
http://secunia.com/advisories/27705
http://secunia.com/advisories/27721
http://secunia.com/advisories/27724
http://secunia.com/advisories/27743
http://secunia.com/advisories/27856
http://secunia.com/advisories/28043
http://secunia.com/advisories/28812
http://secunia.com/advisories/29104
http://secunia.com/advisories/29604
http://secunia.com/advisories/30168
http://secunia.com/secunia_research/2007-88/advisory/ Vendor Advisory
http://security.gentoo.org/glsa/glsa-200711-22.xml
http://security.gentoo.org/glsa/glsa-200711-34.xml
http://security.gentoo.org/glsa/glsa-200805-13.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882
http://support.novell.com/techcenter/psdb/1d5fd29802b2ef7e342e733731f1e933.html
http://support.novell.com/techcenter/psdb/3867a5092daac43cd6a92e6107d9fbce.html
http://support.novell.com/techcenter/psdb/43ad7b3569dba59e7ba07677edc01cad.html
http://support.novell.com/techcenter/psdb/da3498f05433976cc548cc4eaf8349c8.html
http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.html
http://www.debian.org/security/2008/dsa-1480
http://www.debian.org/security/2008/dsa-1509
http://www.debian.org/security/2008/dsa-1537
http://www.kde.org/info/security/advisory-20071107-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:219
http://www.mandriva.com/security/advisories?name=MDKSA-2007:220
http://www.mandriva.com/security/advisories?name=MDKSA-2007:221
http://www.mandriva.com/security/advisories?name=MDKSA-2007:222
http://www.mandriva.com/security/advisories?name=MDKSA-2007:223
http://www.mandriva.com/security/advisories?name=MDKSA-2007:227
http://www.mandriva.com/security/advisories?name=MDKSA-2007:228
http://www.mandriva.com/security/advisories?name=MDKSA-2007:230
http://www.novell.com/linux/security/advisories/2007_60_pdf.html
http://www.redhat.com/support/errata/RHSA-2007-1021.html
http://www.redhat.com/support/errata/RHSA-2007-1022.html
http://www.redhat.com/support/errata/RHSA-2007-1024.html
http://www.redhat.com/support/errata/RHSA-2007-1025.html
http://www.redhat.com/support/errata/RHSA-2007-1026.html
http://www.redhat.com/support/errata/RHSA-2007-1027.html
http://www.redhat.com/support/errata/RHSA-2007-1029.html
http://www.redhat.com/support/errata/RHSA-2007-1030.html
http://www.securityfocus.com/archive/1/483372
http://www.securityfocus.com/bid/26367
http://www.securitytracker.com/id?1018905
http://www.ubuntu.com/usn/usn-542-1
http://www.ubuntu.com/usn/usn-542-2
http://www.vupen.com/english/advisories/2007/3774
http://www.vupen.com/english/advisories/2007/3775
http://www.vupen.com/english/advisories/2007/3776
http://www.vupen.com/english/advisories/2007/3779
http://www.vupen.com/english/advisories/2007/3786
https://exchange.xforce.ibmcloud.com/vulnerabilities/38306
https://issues.rpath.com/browse/RPL-1926
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9979
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00369.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00215.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00224.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00238.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html
Configurations

Configuration 1 (hide)

cpe:2.3:a:xpdf:xpdf:3.0.1_pl1:*:*:*:*:*:*:*
History

21 Nov 2024, 00:35

Type Values Removed Values Added
References () http://secunia.com/advisories/26503 - () http://secunia.com/advisories/26503 -
References () http://secunia.com/advisories/27260 - Patch, Vendor Advisory () http://secunia.com/advisories/27260 - Patch, Vendor Advisory
References () http://secunia.com/advisories/27553 - () http://secunia.com/advisories/27553 -
References () http://secunia.com/advisories/27573 - () http://secunia.com/advisories/27573 -
References () http://secunia.com/advisories/27574 - () http://secunia.com/advisories/27574 -
References () http://secunia.com/advisories/27575 - () http://secunia.com/advisories/27575 -
References () http://secunia.com/advisories/27577 - () http://secunia.com/advisories/27577 -
References () http://secunia.com/advisories/27578 - () http://secunia.com/advisories/27578 -
References () http://secunia.com/advisories/27599 - () http://secunia.com/advisories/27599 -
References () http://secunia.com/advisories/27615 - () http://secunia.com/advisories/27615 -
References () http://secunia.com/advisories/27618 - () http://secunia.com/advisories/27618 -
References () http://secunia.com/advisories/27619 - () http://secunia.com/advisories/27619 -
References () http://secunia.com/advisories/27632 - () http://secunia.com/advisories/27632 -
References () http://secunia.com/advisories/27634 - () http://secunia.com/advisories/27634 -
References () http://secunia.com/advisories/27636 - () http://secunia.com/advisories/27636 -
References () http://secunia.com/advisories/27637 - () http://secunia.com/advisories/27637 -
References () http://secunia.com/advisories/27640 - () http://secunia.com/advisories/27640 -
References () http://secunia.com/advisories/27641 - () http://secunia.com/advisories/27641 -
References () http://secunia.com/advisories/27642 - () http://secunia.com/advisories/27642 -
References () http://secunia.com/advisories/27645 - () http://secunia.com/advisories/27645 -
References () http://secunia.com/advisories/27656 - () http://secunia.com/advisories/27656 -
References () http://secunia.com/advisories/27658 - () http://secunia.com/advisories/27658 -
References () http://secunia.com/advisories/27705 - () http://secunia.com/advisories/27705 -
References () http://secunia.com/advisories/27721 - () http://secunia.com/advisories/27721 -
References () http://secunia.com/advisories/27724 - () http://secunia.com/advisories/27724 -
References () http://secunia.com/advisories/27743 - () http://secunia.com/advisories/27743 -
References () http://secunia.com/advisories/27856 - () http://secunia.com/advisories/27856 -
References () http://secunia.com/advisories/28043 - () http://secunia.com/advisories/28043 -
References () http://secunia.com/advisories/28812 - () http://secunia.com/advisories/28812 -
References () http://secunia.com/advisories/29104 - () http://secunia.com/advisories/29104 -
References () http://secunia.com/advisories/29604 - () http://secunia.com/advisories/29604 -
References () http://secunia.com/advisories/30168 - () http://secunia.com/advisories/30168 -
References () http://secunia.com/secunia_research/2007-88/advisory/ - Vendor Advisory () http://secunia.com/secunia_research/2007-88/advisory/ - Vendor Advisory
References () http://security.gentoo.org/glsa/glsa-200711-22.xml - () http://security.gentoo.org/glsa/glsa-200711-22.xml -
References () http://security.gentoo.org/glsa/glsa-200711-34.xml - () http://security.gentoo.org/glsa/glsa-200711-34.xml -
References () http://security.gentoo.org/glsa/glsa-200805-13.xml - () http://security.gentoo.org/glsa/glsa-200805-13.xml -
References () http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882 - () http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882 -
References () http://support.novell.com/techcenter/psdb/1d5fd29802b2ef7e342e733731f1e933.html - () http://support.novell.com/techcenter/psdb/1d5fd29802b2ef7e342e733731f1e933.html -
References () http://support.novell.com/techcenter/psdb/3867a5092daac43cd6a92e6107d9fbce.html - () http://support.novell.com/techcenter/psdb/3867a5092daac43cd6a92e6107d9fbce.html -
References () http://support.novell.com/techcenter/psdb/43ad7b3569dba59e7ba07677edc01cad.html - () http://support.novell.com/techcenter/psdb/43ad7b3569dba59e7ba07677edc01cad.html -
References () http://support.novell.com/techcenter/psdb/da3498f05433976cc548cc4eaf8349c8.html - () http://support.novell.com/techcenter/psdb/da3498f05433976cc548cc4eaf8349c8.html -
References () http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.html - () http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.html -
References () http://www.debian.org/security/2008/dsa-1480 - () http://www.debian.org/security/2008/dsa-1480 -
References () http://www.debian.org/security/2008/dsa-1509 - () http://www.debian.org/security/2008/dsa-1509 -
References () http://www.debian.org/security/2008/dsa-1537 - () http://www.debian.org/security/2008/dsa-1537 -
References () http://www.kde.org/info/security/advisory-20071107-1.txt - () http://www.kde.org/info/security/advisory-20071107-1.txt -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2007:219 - () http://www.mandriva.com/security/advisories?name=MDKSA-2007:219 -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2007:220 - () http://www.mandriva.com/security/advisories?name=MDKSA-2007:220 -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2007:221 - () http://www.mandriva.com/security/advisories?name=MDKSA-2007:221 -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2007:222 - () http://www.mandriva.com/security/advisories?name=MDKSA-2007:222 -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2007:223 - () http://www.mandriva.com/security/advisories?name=MDKSA-2007:223 -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2007:227 - () http://www.mandriva.com/security/advisories?name=MDKSA-2007:227 -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2007:228 - () http://www.mandriva.com/security/advisories?name=MDKSA-2007:228 -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2007:230 - () http://www.mandriva.com/security/advisories?name=MDKSA-2007:230 -
References () http://www.novell.com/linux/security/advisories/2007_60_pdf.html - () http://www.novell.com/linux/security/advisories/2007_60_pdf.html -
References () http://www.redhat.com/support/errata/RHSA-2007-1021.html - () http://www.redhat.com/support/errata/RHSA-2007-1021.html -
References () http://www.redhat.com/support/errata/RHSA-2007-1022.html - () http://www.redhat.com/support/errata/RHSA-2007-1022.html -
References () http://www.redhat.com/support/errata/RHSA-2007-1024.html - () http://www.redhat.com/support/errata/RHSA-2007-1024.html -
References () http://www.redhat.com/support/errata/RHSA-2007-1025.html - () http://www.redhat.com/support/errata/RHSA-2007-1025.html -
References () http://www.redhat.com/support/errata/RHSA-2007-1026.html - () http://www.redhat.com/support/errata/RHSA-2007-1026.html -
References () http://www.redhat.com/support/errata/RHSA-2007-1027.html - () http://www.redhat.com/support/errata/RHSA-2007-1027.html -
References () http://www.redhat.com/support/errata/RHSA-2007-1029.html - () http://www.redhat.com/support/errata/RHSA-2007-1029.html -
References () http://www.redhat.com/support/errata/RHSA-2007-1030.html - () http://www.redhat.com/support/errata/RHSA-2007-1030.html -
References () http://www.securityfocus.com/archive/1/483372 - () http://www.securityfocus.com/archive/1/483372 -
References () http://www.securityfocus.com/bid/26367 - () http://www.securityfocus.com/bid/26367 -
References () http://www.securitytracker.com/id?1018905 - () http://www.securitytracker.com/id?1018905 -
References () http://www.ubuntu.com/usn/usn-542-1 - () http://www.ubuntu.com/usn/usn-542-1 -
References () http://www.ubuntu.com/usn/usn-542-2 - () http://www.ubuntu.com/usn/usn-542-2 -
References () http://www.vupen.com/english/advisories/2007/3774 - () http://www.vupen.com/english/advisories/2007/3774 -
References () http://www.vupen.com/english/advisories/2007/3775 - () http://www.vupen.com/english/advisories/2007/3775 -
References () http://www.vupen.com/english/advisories/2007/3776 - () http://www.vupen.com/english/advisories/2007/3776 -
References () http://www.vupen.com/english/advisories/2007/3779 - () http://www.vupen.com/english/advisories/2007/3779 -
References () http://www.vupen.com/english/advisories/2007/3786 - () http://www.vupen.com/english/advisories/2007/3786 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/38306 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/38306 -
References () https://issues.rpath.com/browse/RPL-1926 - () https://issues.rpath.com/browse/RPL-1926 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9979 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9979 -
References () https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00369.html - () https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00369.html -
References () https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00215.html - () https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00215.html -
References () https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00224.html - () https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00224.html -
References () https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00238.html - () https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00238.html -
References () https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html - () https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html -
References () https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html - () https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html -
Information

Published : 2007-11-08 02:46

Updated : 2024-11-21 00:35

NVD link : CVE-2007-4352

Mitre link : CVE-2007-4352

CVE.ORG link : CVE-2007-4352

JSON object : View

Products Affected

xpdf

  • xpdf
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024