CVSS2: 7.5 High

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.096 Low (percentile 94.7%)

An iDEFENSE Security Advisory reports:
Remote exploitation of a buffer overflow vulnerability in
the xpdf PDF viewer included in multiple Unix and Linux
distributions could allow for arbitrary code execution as
the user viewing a PDF file.
The vulnerability specifically exists due to insufficient
bounds checking while processing a PDF file that provides
malicious values in the /Encrypt /Length tag. The
offending code can be found in the
Decrypt::makeFileKey2 function in the source
file xpdf/Decrypt.cc.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | xpdf | < 3.00_6 | UNKNOWN |
FreeBSD | any | noarch | kdegraphics | < 3.3.2_2 | UNKNOWN |
FreeBSD | any | noarch | gpdf | < 2.8.3 | UNKNOWN |
FreeBSD | any | noarch | tetex-base | < 2.0.2_9 | UNKNOWN |
FreeBSD | any | noarch | cups-base | < 1.1.23.0_3 | UNKNOWN |
FreeBSD | any | noarch | koffice | < 1.3.5_2,1 | UNKNOWN |
FreeBSD | any | noarch | pdftohtml | < 0.36_2 | UNKNOWN |
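
The kind of bounds check the advisory describes as missing, shown as an added example; this is not xpdf's code or its patch. The function names and the 16-byte key buffer are hypothetical, and the accepted range (a multiple of 8 between 40 and 128 bits) is the one the PDF specification gives for /Length in the standard security handler.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FILE_KEY_MAX 16  /* bytes: 128 bits, the largest /Length accepted here */

/* Validate the untrusted /Encrypt /Length value, given in bits.
 * Returns the key length in bytes, or 0 if the value must be rejected. */
size_t checked_key_len(long length_bits)
{
    if (length_bits < 40 || length_bits > 128)  /* also rejects negatives */
        return 0;
    if (length_bits % 8 != 0)                   /* must be whole bytes */
        return 0;
    return (size_t)(length_bits / 8);
}

/* Hypothetical stand-in for a key-derivation step: copies the leading
 * bytes of a 16-byte digest into a fixed-size key buffer.
 * Returns 0 on success, -1 if the document's /Length is refused. */
int set_file_key(unsigned char key[FILE_KEY_MAX], size_t *key_len,
                 const unsigned char digest[16], long length_bits)
{
    size_t n = checked_key_len(length_bits);
    if (n == 0 || n > FILE_KEY_MAX)
        return -1;           /* refuse the file rather than copy past the buffer */
    memset(key, 0, FILE_KEY_MAX);
    memcpy(key, digest, n);  /* n is bounded by the size of key */
    *key_len = n;
    return 0;
}

int main(void)
{
    /* Constructed sample values: two valid lengths and three malformed ones. */
    const long samples[] = { 40, 128, 136, 4096, -8 };
    unsigned char digest[16] = { 0 }, key[FILE_KEY_MAX];
    size_t n = 0;

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = set_file_key(key, &n, digest, samples[i]);
        printf("/Length %ld -> %s\n", samples[i], rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

Rejecting the document outright, rather than clamping the value, also surfaces malformed files to whoever is triaging them.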