
CVE-2007-0104

Published: 09/01/2007 Updated: 16/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE prior to 3.5.5, (c) poppler prior to 0.5.4, and other products, allows remote malicious users to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.

Vulnerable Product

xpdf xpdf 3.0_pl2

xpdf xpdf 3.0

xpdf xpdf 3.0.1

xpdf xpdf 3.0.1_pl1

xpdf xpdf 3.0.1_pl2

kde kde 3.2

kde kde 3.4

kde kde 3.4.1

kde kde 3.2.3

kde kde 3.3

kde kde 3.5

kde kde 3.2.1

kde kde 3.2.2

kde kde 3.4.2

kde kde 3.4.3

kde kde 3.3.1

kde kde 3.3.2

Vendor Advisories

Debian Bug report logs - #406852: xpdf: CVE-2007-0104 rogue Pages setting or catalog dictionary security hole. Package: xpdf; Maintainer for xpdf is Debian QA Group <packages@qa.debian.org>; Source for xpdf is src:xpdf. Reported by: dwkenned@comcast.net (David Kennedy). Date: Sun, 14 Jan 2007 16:33:03 UTC ...

The poppler PDF loader library did not limit the recursion depth of the page model tree. By tricking a user into opening a specially crafted PDF file, this could be exploited to trigger an infinite loop and eventually crash an application that uses this library ...

USN-410-1 fixed vulnerabilities in the poppler PDF loader library. This update provides the corresponding updates for a copy of this code in tetex-bin in Ubuntu 5.10. Versions of tetex-bin after Ubuntu 5.10 use poppler directly and do not need a separate update ...

References

CWE-20
http://www.securityfocus.com/bid/21910
http://projects.info-pull.com/moab/MOAB-06-01-2007.html
http://www.kde.org/info/security/advisory-20070115-1.txt
https://issues.rpath.com/browse/RPL-964
http://support.novell.com/techcenter/psdb/44d7cb9b669d58e0ce5aa5d7ab2c7c53.html
http://docs.info.apple.com/article.html?artnum=305214
http://www.mandriva.com/security/advisories?name=MDKSA-2007:018
http://www.mandriva.com/security/advisories?name=MDKSA-2007:020
http://www.mandriva.com/security/advisories?name=MDKSA-2007:022
http://www.novell.com/linux/security/advisories/2007_3_sr.html
http://www.ubuntu.com/usn/usn-410-1
http://www.ubuntu.com/usn/usn-410-2
http://securitytracker.com/id?1017514
http://www.securitytracker.com/id?1017749
http://secunia.com/advisories/23799
http://secunia.com/advisories/23791
http://secunia.com/advisories/23808
http://secunia.com/advisories/23813
http://secunia.com/advisories/23815
http://secunia.com/advisories/23844
http://secunia.com/advisories/23839
http://secunia.com/advisories/23876
http://secunia.com/advisories/24204
http://secunia.com/advisories/24479
http://www.mandriva.com/security/advisories?name=MDKSA-2007:019
http://www.mandriva.com/security/advisories?name=MDKSA-2007:021
http://www.mandriva.com/security/advisories?name=MDKSA-2007:024
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
http://www.vupen.com/english/advisories/2007/0212
http://www.vupen.com/english/advisories/2007/0930
http://www.vupen.com/english/advisories/2007/0203
http://www.vupen.com/english/advisories/2007/0244
https://exchange.xforce.ibmcloud.com/vulnerabilities/31364
http://www.securityfocus.com/archive/1/457055/100/0/threaded
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=406852
https://usn.ubuntu.com/410-1/
https://nvd.nist.gov