CVE-2007-5392

Published: 07 November 2007

Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.

Priority

Medium

Status

Package Release Status
cups
Launchpad, Ubuntu, Debian
Upstream Needs triage

cupsys
Launchpad, Ubuntu, Debian
Upstream Needs triage

gpdf
Launchpad, Ubuntu, Debian
Upstream Needs triage

ipe
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

kdegraphics
Launchpad, Ubuntu, Debian
Upstream Needs triage

koffice
Launchpad, Ubuntu, Debian
Upstream Needed

libextractor
Launchpad, Ubuntu, Debian
Upstream Needs triage

pdfkit.framework
Launchpad, Ubuntu, Debian
Upstream Needs triage

pdftohtml
Launchpad, Ubuntu, Debian
Upstream Needs triage

poppler
Launchpad, Ubuntu, Debian
Upstream Released (0.6.2)

tetex-bin
Launchpad, Ubuntu, Debian
Upstream Needs triage

texlive-bin
Launchpad, Ubuntu, Debian
Upstream Needs triage

xpdf
Launchpad, Ubuntu, Debian
Upstream Released (3.02pl2)
Patches:
Other: https://bugs.launchpad.net/ubuntu/+source/xpdf/+bug/129940
Debdiff: https://bugs.launchpad.net/ubuntu/+source/xpdf/+bug/160944