what you don't know can hurt you
Showing 1 - 17 of 17 RSS Feed

CVE-2007-5393

Status Candidate

Overview

Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.

Related Files

Debian Linux Security Advisory 1537-1
Posted Apr 4, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1537-1 - Alin Rad Pop (Secunia) discovered a number of vulnerabilities in xpdf, a set of tools for display and conversion of Portable Document Format (PDF) files.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
MD5 | d48aae6288a7f069b72300c4ff33fcda
Debian Linux Security Advisory 1509-1
Posted Feb 26, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1509-1 - Several vulnerabilities have been discovered in xpdf code that is embedded in koffice, an integrated office suite for KDE. These flaws could allow an attacker to execute arbitrary code by inducing the user to import a specially crafted PDF document.

tags | advisory, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
MD5 | 24398930a6503c729ca0bb857c09e9c3
Debian Linux Security Advisory 1480-1
Posted Feb 6, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1480-1 - Alin Rad Pop discovered several buffer overflows in the Poppler PDF library, which could allow the execution of arbitrary code if a malformed PDF file is opened.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
MD5 | c30ee030a44ee251528b284774f55794
Debian Linux Security Advisory 1408-1
Posted Nov 26, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1408-1 - Alin Rad Pop discovered a buffer overflow in kpdf, which could allow the execution of arbitrary code if a malformed PDF file is displayed.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2007-5393
MD5 | d3bd82722c3c37c0e3e39ebceeb95f80
Mandriva Linux Security Advisory 2007.230
Posted Nov 26, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw in the t1lib library where an attacker could create a malicious file that would cause tetex to crash or possibly execute arbitrary code when opened. Alin Rad Pop found several flaws in how PDF files are handled in tetex. An attacker could create a malicious PDF file that would cause tetex to crash or potentially execute arbitrary code when opened. A stack-based buffer overflow in dvips in tetex allows for user-assisted attackers to execute arbitrary code via a DVI file with a long href tag. A vulnerability in dvips in tetex allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place. Multiple buffer overflows in dviljk in tetext may allow users-assisted attackers to execute arbitrary code via a crafted DVI input file.

tags | advisory, overflow, arbitrary, local
systems | linux, mandriva
advisories | CVE-2007-5937, CVE-2007-4352, CVE-2007-5392, CVE-2007-5393, CVE-2007-5935, CVE-2007-5936, CVE-2007-4033
MD5 | 187635521c833ac66c89ca720f5fcc3d
Mandriva Linux Security Advisory 2007.228
Posted Nov 26, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in cups. An attacker could create a malicious PDF file that would cause cups to crash or potentially execute arbitrary code when opened.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
MD5 | 3b63964426b583b7859d5d456d6c969d
Mandriva Linux Security Advisory 2007.227
Posted Nov 26, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in poppler. An attacker could create a malicious PDF file that would cause poppler to crash or potentially execute arbitrary code when opened.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
MD5 | 89d580be4bc84ec7277dde50a2f6dd89
Gentoo Linux Security Advisory 200711-22
Posted Nov 26, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200711-22 - Alin Rad Pop (Secunia Research) discovered several vulnerabilities in the Stream.cc file of Xpdf: An integer overflow in the DCTStream::reset() method and a boundary error in the CCITTFaxStream::lookChar() method, both leading to heap-based buffer overflows. He also discovered a boundary checking error in the DCTStream::readProgressiveDataUnit() method causing memory corruption. Note: Gentoo's version of Xpdf is patched to use the Poppler library, so the update to Poppler will also fix Xpdf. Versions less than 0.6.1-r1 are affected.

tags | advisory, overflow, vulnerability
systems | linux, gentoo
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
MD5 | cf524b80ddac93d7e85c3902d5b2422a
Mandriva Linux Security Advisory 2007.223
Posted Nov 26, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in pdftohtml. An attacker could create a malicious PDF file that would cause pdftohtml to crash or potentially execute arbitrary code when opened.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
MD5 | 3a6082d40c24a99449767333148956af
Mandriva Linux Security Advisory 2007.222
Posted Nov 26, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in koffice. An attacker could create a malicious PDF file that would cause koffice to crash or potentially execute arbitrary code when opened.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
MD5 | b1b3fdc38e368c4d50af7677b8475a7f
Mandriva Linux Security Advisory 2007.221
Posted Nov 16, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in kpdf. An attacker could create a malicious PDF file that would cause kpdf to crash or potentially execute arbitrary code when opened.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
MD5 | 653876dc602521aaabe631ca6bf660a3
Mandriva Linux Security Advisory 2007.220
Posted Nov 16, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in gpdf. An attacker could create a malicious PDF file that would cause gpdf to crash or potentially execute arbitrary code when opened.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
MD5 | 69593546afb721d6fb53d6aaded7144b
Mandriva Linux Security Advisory 2007.219
Posted Nov 16, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in xpdf. An attacker could create a malicious PDF file that would cause xpdf to crash or potentially execute arbitrary code when opened.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
MD5 | f2df8f41505283862496fbe63d3514af
Ubuntu Security Notice 542-2
Posted Nov 16, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 542-2 - USN-542-1 fixed a vulnerability in poppler. This update provides the corresponding updates for KWord, part of KOffice. Secunia Research discovered several vulnerabilities in poppler. If a user were tricked into loading a specially crafted PDF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges in applications linked against poppler.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
MD5 | bac4e1bd42fa4b7ac989e879f7e27092
SUSE-SA-2007-060.txt
Posted Nov 15, 2007
Site suse.com

SUSE Security Announcement - Secunia Research reported three security bugs in xpdf. The first problem occurs while indexing an array in DCTStream:: readProgressiveDataUnit(). Another method in the same class named reset() is vulnerable to an integer overflow which leads to an overflow on the heap. The last bug also causes an overflow on the heap but this time in method lookChar() of class CCITTFaxStream.

tags | advisory, overflow
systems | linux, suse
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
MD5 | ff6840ca89a9d121a0be10b428b0703d
Ubuntu Security Notice 542-1
Posted Nov 14, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 542-1 - Secunia Research discovered several vulnerabilities in poppler. If a user were tricked into loading a specially crafted PDF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges in applications linked against poppler.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
MD5 | 6a3cdb4262a56a28bb1e8531133cb0e7
secunia-xpdf.txt
Posted Nov 7, 2007
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system. An array indexing error, integer overflow, and boundary error all exist. Xpdf version 3.02 with the xpdf-3.02pl1.patch is affected.

tags | advisory, overflow, vulnerability
advisories | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
MD5 | 799a1d5d74d1d0cd593022e5323f4b12
Page 1 of 1
Back1Next

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    11 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close