Lucene search

[email protected]CVE-2007-4352

HistoryNov 08, 2007 - 2:46 a.m.

CVE-2007-4352

2007-11-0802:46:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-4352

array index error

dctstream

readprogressivedataunit

xpdf

memory corruption

arbitrary code

pdf

remote code execution

7.5 High

AI Score

Confidence

Low

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.135 Low

EPSS

Percentile

95.6%

JSON

Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.

CPENameOperatorVersion
xpdf:xpdfxpdfeq3.0.1_pl1

CPE	Name	Operator	Version
xpdf:xpdf	xpdf	eq	3.0.1_pl1

References

secunia.com/advisories/26503

secunia.com/advisories/27260

secunia.com/advisories/27553

secunia.com/advisories/27573

secunia.com/advisories/27574

secunia.com/advisories/27575

secunia.com/advisories/27577

secunia.com/advisories/27578

secunia.com/advisories/27599

secunia.com/advisories/27615

secunia.com/advisories/27618

secunia.com/advisories/27619

secunia.com/advisories/27632

secunia.com/advisories/27634

secunia.com/advisories/27636

secunia.com/advisories/27637

secunia.com/advisories/27640

secunia.com/advisories/27641

secunia.com/advisories/27642

secunia.com/advisories/27645

secunia.com/advisories/27656

secunia.com/advisories/27658

secunia.com/advisories/27705

secunia.com/advisories/27721

secunia.com/advisories/27724

secunia.com/advisories/27743

secunia.com/advisories/27856

secunia.com/advisories/28043

secunia.com/advisories/28812

secunia.com/advisories/29104

secunia.com/advisories/29604

secunia.com/advisories/30168

secunia.com/secunia_research/2007-88/advisory/

security.gentoo.org/glsa/glsa-200711-22.xml

security.gentoo.org/glsa/glsa-200711-34.xml

security.gentoo.org/glsa/glsa-200805-13.xml

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882

support.novell.com/techcenter/psdb/1d5fd29802b2ef7e342e733731f1e933.html

support.novell.com/techcenter/psdb/3867a5092daac43cd6a92e6107d9fbce.html

support.novell.com/techcenter/psdb/43ad7b3569dba59e7ba07677edc01cad.html

support.novell.com/techcenter/psdb/da3498f05433976cc548cc4eaf8349c8.html

support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.html

www.debian.org/security/2008/dsa-1480

www.debian.org/security/2008/dsa-1509

www.debian.org/security/2008/dsa-1537

www.kde.org/info/security/advisory-20071107-1.txt

www.mandriva.com/security/advisories?name=MDKSA-2007:219

www.mandriva.com/security/advisories?name=MDKSA-2007:220

www.mandriva.com/security/advisories?name=MDKSA-2007:221

www.mandriva.com/security/advisories?name=MDKSA-2007:222

www.mandriva.com/security/advisories?name=MDKSA-2007:223

www.mandriva.com/security/advisories?name=MDKSA-2007:227

www.mandriva.com/security/advisories?name=MDKSA-2007:228

www.mandriva.com/security/advisories?name=MDKSA-2007:230

www.novell.com/linux/security/advisories/2007_60_pdf.html

www.redhat.com/support/errata/RHSA-2007-1021.html

www.redhat.com/support/errata/RHSA-2007-1022.html

www.redhat.com/support/errata/RHSA-2007-1024.html

www.redhat.com/support/errata/RHSA-2007-1025.html

www.redhat.com/support/errata/RHSA-2007-1026.html

www.redhat.com/support/errata/RHSA-2007-1027.html

www.redhat.com/support/errata/RHSA-2007-1029.html

www.redhat.com/support/errata/RHSA-2007-1030.html

www.securityfocus.com/archive/1/483372

www.securityfocus.com/bid/26367

www.securitytracker.com/id?1018905

www.ubuntu.com/usn/usn-542-1

www.ubuntu.com/usn/usn-542-2

www.vupen.com/english/advisories/2007/3774

www.vupen.com/english/advisories/2007/3775

www.vupen.com/english/advisories/2007/3776

www.vupen.com/english/advisories/2007/3779

www.vupen.com/english/advisories/2007/3786

exchange.xforce.ibmcloud.com/vulnerabilities/38306

issues.rpath.com/browse/RPL-1926

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9979

www.redhat.com/archives/fedora-package-announce/2007-December/msg00369.html

www.redhat.com/archives/fedora-package-announce/2007-November/msg00215.html

www.redhat.com/archives/fedora-package-announce/2007-November/msg00224.html

www.redhat.com/archives/fedora-package-announce/2007-November/msg00238.html

www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html

www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html

7.5 High

AI Score

Confidence

Low

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.135 Low

EPSS

Percentile

95.6%

JSON

Related for CVE-2007-4352

prion1 veracode1 ubuntucve1 debiancve1 seebug1 fedora25 openvas83 nessus55 securityvulns2 redhat7 suse1 debian5 osv3 centos4 oraclelinux4 ubuntu2 altlinux1 freebsd1 gentoo1