what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

CVE-2007-5392

Status Candidate

Overview

Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.

Related Files

Debian Linux Security Advisory 1537-1
Posted Apr 4, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1537-1 - Alin Rad Pop (Secunia) discovered a number of vulnerabilities in xpdf, a set of tools for display and conversion of Portable Document Format (PDF) files.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
SHA-256 | a2b802b314090bc3787a75eb0ebdd17fcb5b1e6f2c714ca4a4c46aa2b2d26bd4
Debian Linux Security Advisory 1509-1
Posted Feb 26, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1509-1 - Several vulnerabilities have been discovered in xpdf code that is embedded in koffice, an integrated office suite for KDE. These flaws could allow an attacker to execute arbitrary code by inducing the user to import a specially crafted PDF document.

tags | advisory, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
SHA-256 | 3cafc58955e44606c4813c3f8ab000b29bd0094c0bcea45a7d1e932a6b8daecf
Debian Linux Security Advisory 1480-1
Posted Feb 6, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1480-1 - Alin Rad Pop discovered several buffer overflows in the Poppler PDF library, which could allow the execution of arbitrary code if a malformed PDF file is opened.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
SHA-256 | 351f35d4a89cf79f04f78425068edefe418915d70daa17fd52690d59d2bf1972
Mandriva Linux Security Advisory 2007.230
Posted Nov 26, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw in the t1lib library where an attacker could create a malicious file that would cause tetex to crash or possibly execute arbitrary code when opened. Alin Rad Pop found several flaws in how PDF files are handled in tetex. An attacker could create a malicious PDF file that would cause tetex to crash or potentially execute arbitrary code when opened. A stack-based buffer overflow in dvips in tetex allows for user-assisted attackers to execute arbitrary code via a DVI file with a long href tag. A vulnerability in dvips in tetex allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place. Multiple buffer overflows in dviljk in tetext may allow users-assisted attackers to execute arbitrary code via a crafted DVI input file.

tags | advisory, overflow, arbitrary, local
systems | linux, mandriva
advisories | CVE-2007-5937, CVE-2007-4352, CVE-2007-5392, CVE-2007-5393, CVE-2007-5935, CVE-2007-5936, CVE-2007-4033
SHA-256 | 0f991775c30cb8dd149ffa43aa740074474f1908da8c8544dd63843d28effc58
Mandriva Linux Security Advisory 2007.228
Posted Nov 26, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in cups. An attacker could create a malicious PDF file that would cause cups to crash or potentially execute arbitrary code when opened.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
SHA-256 | 26f792baa8eac68c8351e87ce1a11aa8ddc0a8dc5454c7e57a98ebcc1aa8bbb4
Mandriva Linux Security Advisory 2007.227
Posted Nov 26, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in poppler. An attacker could create a malicious PDF file that would cause poppler to crash or potentially execute arbitrary code when opened.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
SHA-256 | 825fff34785109cf16b4ef4d19fe2069bdac7502d154d456862ff55a09f80ac0
Gentoo Linux Security Advisory 200711-22
Posted Nov 26, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-22 - Alin Rad Pop (Secunia Research) discovered several vulnerabilities in the Stream.cc file of Xpdf: An integer overflow in the DCTStream::reset() method and a boundary error in the CCITTFaxStream::lookChar() method, both leading to heap-based buffer overflows. He also discovered a boundary checking error in the DCTStream::readProgressiveDataUnit() method causing memory corruption. Note: Gentoo's version of Xpdf is patched to use the Poppler library, so the update to Poppler will also fix Xpdf. Versions less than 0.6.1-r1 are affected.

tags | advisory, overflow, vulnerability
systems | linux, gentoo
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
SHA-256 | 5f52b9f84d9302e6e300d1d2e51875e562148246b4abd18aa941c15e42413c79
Mandriva Linux Security Advisory 2007.223
Posted Nov 26, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in pdftohtml. An attacker could create a malicious PDF file that would cause pdftohtml to crash or potentially execute arbitrary code when opened.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
SHA-256 | 4d617075810c4ec96a79a14e5d07d775f7c1b109e1d2b61860085c913b9cadd8
Mandriva Linux Security Advisory 2007.222
Posted Nov 26, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in koffice. An attacker could create a malicious PDF file that would cause koffice to crash or potentially execute arbitrary code when opened.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
SHA-256 | 00011fc59b752c2ff881ecce8c41355af5d2a961ea20a553f7f3c7603cf84abf
Mandriva Linux Security Advisory 2007.221
Posted Nov 16, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in kpdf. An attacker could create a malicious PDF file that would cause kpdf to crash or potentially execute arbitrary code when opened.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
SHA-256 | 5892f55d39db5175066b50606277442cbd55457c7ece2f3dc989861b04e657c6
Mandriva Linux Security Advisory 2007.220
Posted Nov 16, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in gpdf. An attacker could create a malicious PDF file that would cause gpdf to crash or potentially execute arbitrary code when opened.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
SHA-256 | 8a28188238054dc22c3e3b02e4cec0465ebabb7e550bbba1425252d618648e2c
Mandriva Linux Security Advisory 2007.219
Posted Nov 16, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in xpdf. An attacker could create a malicious PDF file that would cause xpdf to crash or potentially execute arbitrary code when opened.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
SHA-256 | 99546d27939433796467df61148f5135aec855b704c2ef4efc6f14747d7f224c
Ubuntu Security Notice 542-2
Posted Nov 16, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 542-2 - USN-542-1 fixed a vulnerability in poppler. This update provides the corresponding updates for KWord, part of KOffice. Secunia Research discovered several vulnerabilities in poppler. If a user were tricked into loading a specially crafted PDF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges in applications linked against poppler.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
SHA-256 | e9318627f214f231de15eea94149771dd037cc830d63ac842e1656b9659673a3
SUSE-SA-2007-060.txt
Posted Nov 15, 2007
Site suse.com

SUSE Security Announcement - Secunia Research reported three security bugs in xpdf. The first problem occurs while indexing an array in DCTStream:: readProgressiveDataUnit(). Another method in the same class named reset() is vulnerable to an integer overflow which leads to an overflow on the heap. The last bug also causes an overflow on the heap but this time in method lookChar() of class CCITTFaxStream.

tags | advisory, overflow
systems | linux, suse
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
SHA-256 | 5f88e680d2da9bf0a5cf06f3bcdfb825ad1ada6a02114a0c38c121fd3358df12
Ubuntu Security Notice 542-1
Posted Nov 14, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 542-1 - Secunia Research discovered several vulnerabilities in poppler. If a user were tricked into loading a specially crafted PDF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges in applications linked against poppler.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
SHA-256 | de02dcf4b1c56547ae229931ba3e629be0c36f1b5a080791408fb775db6cacc1
secunia-xpdf.txt
Posted Nov 7, 2007
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system. An array indexing error, integer overflow, and boundary error all exist. Xpdf version 3.02 with the xpdf-3.02pl1.patch is affected.

tags | advisory, overflow, vulnerability
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
SHA-256 | db7926f6baf6cd881e47ceeba424de373bbceb3b243705bc23d61922f9cb077e
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close