Podatność CVE-2007-3387
Publikacja: 2007-07-30   Modyfikacja: 2012-02-12

Opis:
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

Typ:

CWE-189

 (Numeric Errors)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
6.8/10
6.4/10
8.6/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Średnia
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Częściowy
Częściowy
Częściowy
Affected software
XPDF -> XPDF 
Poppler -> Poppler 
Pdfedit -> Pdfedit 
KDE -> Kdegraphics 
KDE -> KPDF 
Gnome -> GPDF 
Easy software products -> CUPS 

 Referencje:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch
ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc
http://bugs.gentoo.org/show_bug.cgi?id=187139
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194
http://security.gentoo.org/glsa/glsa-200709-12.xml
http://security.gentoo.org/glsa/glsa-200709-17.xml
http://security.gentoo.org/glsa/glsa-200710-20.xml
http://security.gentoo.org/glsa/glsa-200711-34.xml
http://security.gentoo.org/glsa/glsa-200805-13.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882
http://sourceforge.net/project/shownotes.php?release_id=535497
http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm
http://www.debian.org/security/2007/dsa-1347
http://www.debian.org/security/2007/dsa-1348
http://www.debian.org/security/2007/dsa-1349
http://www.debian.org/security/2007/dsa-1350
http://www.debian.org/security/2007/dsa-1352
http://www.debian.org/security/2007/dsa-1354
http://www.debian.org/security/2007/dsa-1355
http://www.debian.org/security/2007/dsa-1357
http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml
http://www.kde.org/info/security/advisory-20070730-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:158
http://www.mandriva.com/security/advisories?name=MDKSA-2007:159
http://www.mandriva.com/security/advisories?name=MDKSA-2007:160
http://www.mandriva.com/security/advisories?name=MDKSA-2007:161
http://www.mandriva.com/security/advisories?name=MDKSA-2007:162
http://www.mandriva.com/security/advisories?name=MDKSA-2007:163
http://www.mandriva.com/security/advisories?name=MDKSA-2007:164
http://www.mandriva.com/security/advisories?name=MDKSA-2007:165
http://www.novell.com/linux/security/advisories/2007_15_sr.html
http://www.novell.com/linux/security/advisories/2007_16_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0720.html
http://www.redhat.com/support/errata/RHSA-2007-0729.html
http://www.redhat.com/support/errata/RHSA-2007-0730.html
http://www.redhat.com/support/errata/RHSA-2007-0731.html
http://www.redhat.com/support/errata/RHSA-2007-0732.html
http://www.redhat.com/support/errata/RHSA-2007-0735.html
http://www.securityfocus.com/archive/1/476508/100/0/threaded
http://www.securityfocus.com/archive/1/476519/30/5400/threaded
http://www.securityfocus.com/archive/1/476765/30/5340/threaded
http://www.securityfocus.com/bid/25124
http://www.securitytracker.com/id?1018473
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670
http://www.ubuntu.com/usn/usn-496-1
http://www.ubuntu.com/usn/usn-496-2
http://www.vupen.com/english/advisories/2007/2704
http://www.vupen.com/english/advisories/2007/2705
https://issues.foresightlinux.org/browse/FL-471
https://issues.rpath.com/browse/RPL-1596
https://issues.rpath.com/browse/RPL-1604
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149
Copyright 2024, cxsecurity.com

 

Back to Top