CVE-2007-0104
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
93.9%
The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, Β© poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| xpdf | xpdf | 3.0 | cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:* |
| xpdf | xpdf | 3.0.1 | cpe:2.3:a:xpdf:xpdf:3.0.1:*:*:*:*:*:*:* |
| xpdf | xpdf | 3.0.1_pl1 | cpe:2.3:a:xpdf:xpdf:3.0.1_pl1:*:*:*:*:*:*:* |
| xpdf | xpdf | 3.0.1_pl2 | cpe:2.3:a:xpdf:xpdf:3.0.1_pl2:*:*:*:*:*:*:* |
| xpdf | xpdf | 3.0_pl2 | cpe:2.3:a:xpdf:xpdf:3.0_pl2:*:*:*:*:*:*:* |
| kde | kde | 3.2 | cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:* |
| kde | kde | 3.2.1 | cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:* |
| kde | kde | 3.2.2 | cpe:2.3:o:kde:kde:3.2.2:*:*:*:*:*:*:* |
| kde | kde | 3.2.3 | cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:* |
| kde | kde | 3.3 | cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:* |
References
docs.info.apple.com/article.html?artnum=305214
projects.info-pull.com/moab/MOAB-06-01-2007.html
secunia.com/advisories/23791
secunia.com/advisories/23799
secunia.com/advisories/23808
secunia.com/advisories/23813
secunia.com/advisories/23815
secunia.com/advisories/23839
secunia.com/advisories/23844
secunia.com/advisories/23876
secunia.com/advisories/24204
secunia.com/advisories/24479
securitytracker.com/id?1017514
support.novell.com/techcenter/psdb/44d7cb9b669d58e0ce5aa5d7ab2c7c53.html
www.kde.org/info/security/advisory-20070115-1.txt
www.mandriva.com/security/advisories?name=MDKSA-2007:018
www.mandriva.com/security/advisories?name=MDKSA-2007:019
www.mandriva.com/security/advisories?name=MDKSA-2007:020
www.mandriva.com/security/advisories?name=MDKSA-2007:021
www.mandriva.com/security/advisories?name=MDKSA-2007:022
www.mandriva.com/security/advisories?name=MDKSA-2007:024
www.novell.com/linux/security/advisories/2007_3_sr.html
www.securityfocus.com/archive/1/457055/100/0/threaded
www.securityfocus.com/bid/21910
www.securitytracker.com/id?1017749
www.ubuntu.com/usn/usn-410-1
www.ubuntu.com/usn/usn-410-2
www.us-cert.gov/cas/techalerts/TA07-072A.html
www.vupen.com/english/advisories/2007/0203
www.vupen.com/english/advisories/2007/0212
www.vupen.com/english/advisories/2007/0244
www.vupen.com/english/advisories/2007/0930
exchange.xforce.ibmcloud.com/vulnerabilities/31364
issues.rpath.com/browse/RPL-964
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
93.9%