CVE-2007-5392

2007-11-0700:00:00

ubuntu.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.163 Low

EPSS

Percentile

95.9%

JSON

Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf
3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF
file, resulting in a heap-based buffer overflow.

Notes

Author	Note
jdstrand	cupsys on Ubuntu is not directly affected as it depends on poppler-utils or xpdf-utils. poppler-utils is in main and gets pulled in on installation of cupsys. koffice fixed in debian 1:1.6.3-4
fujitsu	ipe doesn’t contain the vulnerable code.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchkoffice< 1:1.5.0-0ubuntu9.3UNKNOWN
ubuntu6.10noarchkoffice< 1:1.5.2-0ubuntu2.3UNKNOWN
ubuntu7.04noarchkoffice< 1:1.6.2-0ubuntu1.2UNKNOWN
ubuntu7.10noarchkoffice< 1:1.6.3-0ubuntu5.1UNKNOWN
ubuntu8.04noarchkoffice< 1:1.6.3-4UNKNOWN
ubuntu8.10noarchkoffice< 1:1.6.3-4UNKNOWN
ubuntu9.04noarchkoffice< 1:1.6.3-4UNKNOWN
ubuntu9.10noarchkoffice< 1:1.6.3-4UNKNOWN
ubuntu6.06noarchlibextractor< 0.5.12-1UNKNOWN
ubuntu6.10noarchlibextractor< 0.5.12-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	koffice	< 1:1.5.0-0ubuntu9.3	UNKNOWN
ubuntu	6.10	noarch	koffice	< 1:1.5.2-0ubuntu2.3	UNKNOWN
ubuntu	7.04	noarch	koffice	< 1:1.6.2-0ubuntu1.2	UNKNOWN
ubuntu	7.10	noarch	koffice	< 1:1.6.3-0ubuntu5.1	UNKNOWN
ubuntu	8.04	noarch	koffice	< 1:1.6.3-4	UNKNOWN
ubuntu	8.10	noarch	koffice	< 1:1.6.3-4	UNKNOWN
ubuntu	9.04	noarch	koffice	< 1:1.6.3-4	UNKNOWN
ubuntu	9.10	noarch	koffice	< 1:1.6.3-4	UNKNOWN
ubuntu	6.06	noarch	libextractor	< 0.5.12-1	UNKNOWN
ubuntu	6.10	noarch	libextractor	< 0.5.12-1	UNKNOWN