Vulnerability CVE-2007-0104


Published: 2007-01-08   Modified: 2012-02-12

Description:
The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.

Type:

CWE-20

(Improper Input Validation)

Vendor: KDE
Product: KDE 
Version:
3.5
3.4.3
3.4.2
3.4.1
3.4
3.3.2
3.3.1
3.3
3.2.3
3.2.2
3.2.1
3.2
Vendor: XPDF
Product: XPDF 
Version:
3.0_pl2
3.0.1_pl2
3.0.1_pl1
3.0.1
3.0

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://docs.info.apple.com/article.html?artnum=305214
http://projects.info-pull.com/moab/MOAB-06-01-2007.html
http://securitytracker.com/id?1017514
http://support.novell.com/techcenter/psdb/44d7cb9b669d58e0ce5aa5d7ab2c7c53.html
http://www.kde.org/info/security/advisory-20070115-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:018
http://www.mandriva.com/security/advisories?name=MDKSA-2007:019
http://www.mandriva.com/security/advisories?name=MDKSA-2007:020
http://www.mandriva.com/security/advisories?name=MDKSA-2007:021
http://www.mandriva.com/security/advisories?name=MDKSA-2007:022
http://www.mandriva.com/security/advisories?name=MDKSA-2007:024
http://www.novell.com/linux/security/advisories/2007_3_sr.html
http://www.securityfocus.com/archive/1/457055/100/0/threaded
http://www.securityfocus.com/bid/21910
http://www.securitytracker.com/id?1017749
http://www.ubuntu.com/usn/usn-410-1
http://www.ubuntu.com/usn/usn-410-2
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
http://www.vupen.com/english/advisories/2007/0203
http://www.vupen.com/english/advisories/2007/0212
http://www.vupen.com/english/advisories/2007/0244
http://www.vupen.com/english/advisories/2007/0930
https://exchange.xforce.ibmcloud.com/vulnerabilities/31364
https://issues.rpath.com/browse/RPL-964

Related CVE
CVE-2009-4035
The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers ...
CVE-2007-5393
Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.
CVE-2007-5392
Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.
CVE-2007-4352
Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code v...
CVE-2007-3387
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute...
CVE-2006-1244
Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving error...
CVE-2006-0746
Certain patches for kpdf do not include all relevant patches from xpdf that were associated with CVE-2005-3627, which allows context-dependent attackers to exploit vulnerabilities that were present in CVE-2005-3627.
CVE-2006-0301
Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted...

Copyright 2019, cxsecurity.com

 

Back to Top