7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.184 Low
EPSS
Percentile
96.2%
Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | cups | < 1.1.23-13 | cups_1.1.23-13_all.deb |
Debian | 11 | all | cups | < 1.1.23-13 | cups_1.1.23-13_all.deb |
Debian | 10 | all | cups | < 1.1.23-13 | cups_1.1.23-13_all.deb |
Debian | 999 | all | cups | < 1.1.23-13 | cups_1.1.23-13_all.deb |
Debian | 13 | all | cups | < 1.1.23-13 | cups_1.1.23-13_all.deb |
Debian | 12 | all | libextractor | < 0.5.8-1 | libextractor_0.5.8-1_all.deb |
Debian | 11 | all | libextractor | < 0.5.8-1 | libextractor_0.5.8-1_all.deb |
Debian | 10 | all | libextractor | < 0.5.8-1 | libextractor_0.5.8-1_all.deb |
Debian | 999 | all | libextractor | < 0.5.8-1 | libextractor_0.5.8-1_all.deb |
Debian | 13 | all | libextractor | < 0.5.8-1 | libextractor_0.5.8-1_all.deb |