CVE-2007-4352

Published: 08/11/2007 Updated: 29/09/2017
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
VMScore: 676
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote malicious users to trigger memory corruption and execute arbitrary code via a crafted PDF file.

Vulnerable Product

xpdf xpdf 3.0.1_pl1

Vendor Advisories

Debian Bug report logs - #450628: CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 multiple vulnerabilities leading to arbitrary code execution. Package: poppler; Maintainer for poppler is Debian freedesktop.org maintainers <pkg-freedesktop-maintainers@lists.alioth.debian.org>; Reported by: Nico Golde <nion@debian.org>; Date: ...
Secunia Research discovered several vulnerabilities in poppler. If a user were tricked into loading a specially crafted PDF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the user’s privileges in applications linked against poppler. ...
USN-542-1 fixed a vulnerability in poppler. This update provides the corresponding updates for KWord, part of KOffice. ...
Alin Rad Pop discovered several buffer overflows in the Poppler PDF library, which could allow the execution of arbitrary code if a malformed PDF file is opened. The old stable distribution (sarge) doesn't contain poppler. For the stable distribution (etch), these problems have been fixed in version 0.4.5-5.1etch2. We recommend that you upgrade you ...
Several vulnerabilities have been discovered in xpdf code that is embedded in koffice, an integrated office suite for KDE. These flaws could allow an attacker to execute arbitrary code by inducing the user to import a specially crafted PDF document. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-4352 A ...
Alin Rad Pop (Secunia) discovered a number of vulnerabilities in xpdf, a set of tools for display and conversion of Portable Document Format (PDF) files. The Common Vulnerabilities and Exposures project identifies the following three problems: CVE-2007-4352 Inadequate DCT stream validation allows an attacker to corrupt memory and potential ...
