osv | Google | OSV:DSA-1537-1
Apr 02, 2008 - 12:00 a.m.

xpdf

2008-04-02 00:00:00
Google
osv.dev
9

EPSS: 0.334 (percentile: 97.1%)

Alin Rad Pop (Secunia) discovered a number of vulnerabilities in xpdf, a set
of tools for display and conversion of Portable Document Format (PDF) files.
The Common Vulnerabilities and Exposures project identifies the following
three problems:

  • CVE-2007-4352
    Inadequate DCT stream validation allows an attacker to corrupt
    memory and potentially execute arbitrary code by supplying a
    maliciously crafted PDF file.
  • CVE-2007-5392
    An integer overflow vulnerability in DCT stream handling could
    allow an attacker to overflow a heap buffer, enabling the execution
    of arbitrary code.
  • CVE-2007-5393
    A buffer overflow vulnerability in xpdf’s CCITT image compression
    handlers allows overflow on the heap, allowing an attacker to
    execute arbitrary code by supplying a maliciously crafted
    CCITTFaxDecode filter.

For the stable distribution (etch), these problems have been fixed in
version 3.01-9.1+etch2.

For the unstable distribution (sid), these problems have been fixed in
version 3.02-1.3.

We recommend that you upgrade your xpdf packages.

CPE   Name   Operator   Version
      xpdf   eq         3.01-9
      xpdf   eq         3.01-9etch1