Lucene search

K
cve[email protected]CVE-2007-5392
HistoryNov 08, 2007 - 2:46 a.m.

CVE-2007-5392

2007-11-0802:46:00
CWE-119
web.nvd.nist.gov
45
cve-2007-5392
integer overflow
dctstream::reset
xpdf 3.02p11
remote code execution
crafted pdf file

7.8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.129 Low

EPSS

Percentile

95.4%

Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.

CPENameOperatorVersion
xpdf:xpdfxpdfeq3.0.1_pl1

References

7.8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.129 Low

EPSS

Percentile

95.4%

Related for CVE-2007-5392