CVE-2007-0104

Published: 9 January 2007

The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.

Priority

Status

Package	Release	Status
kdegraphics Launchpad, Ubuntu, Debian	dapper	Not vulnerable
	edgy	Not vulnerable
	feisty	Not vulnerable
	upstream	Needs triage
koffice Launchpad, Ubuntu, Debian	dapper	Released (1.5.0-0ubuntu9.2)
	edgy	Released (1.5.2-0ubuntu2.2)
	feisty	Released (1.6.2-0ubuntu1.1)
	upstream	Needs triage
poppler Launchpad, Ubuntu, Debian	dapper	Released (0.5.1-0ubuntu7.2)
	edgy	Released (0.5.4-0ubuntu4.2)
	feisty	Released (0.5.4-0ubuntu8.1)
	upstream	Needs triage
tetex-bin Launchpad, Ubuntu, Debian	dapper	Not vulnerable
	edgy	Not vulnerable
	feisty	Not vulnerable
	upstream	Needs triage
xpdf Launchpad, Ubuntu, Debian	dapper	Released (3.01-7ubuntu0.1)
	edgy	Released (3.01-9ubuntu1.1)
	feisty	Released (3.01-9ubuntu3)
	upstream	Needs triage

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2007-0104

Priority

Status

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading