9.3

CVE-2007-5392

EPSS 3.92%
Published 08.11.2007 02:46:00
Last modified 09.04.2025 00:30:58
Source PSIRT-CNA@flexerasoftware.com
Teams watchlist Login
Open Login

Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.

Affected products Warnungen 0 Metrics 2 CWE 1 References 85

Data is provided by the National Vulnerability Database (NVD)

Xpdf ≫ Xpdf Version3.0.1_pl1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.92%	0.879

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/30168

http://security.gentoo.org/glsa/glsa-200711-34.xml

http://security.gentoo.org/glsa/glsa-200805-13.xml

http://secunia.com/advisories/27599

Vendor Advisory

http://secunia.com/advisories/27743

http://www.mandriva.com/security/advisories?name=MDKSA-2007:230

http://www.redhat.com/support/errata/RHSA-2007-1027.html

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2007-1030.html

Vendor Advisory

http://www.securitytracker.com/id?1018905

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html

http://secunia.com/advisories/27577

Vendor Advisory

http://secunia.com/advisories/27615

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2007-1022.html

Vendor Advisory

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00238.html

http://secunia.com/advisories/27637

Vendor Advisory

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882

http://secunia.com/advisories/26503

Vendor Advisory

http://secunia.com/advisories/27260

Patch

Vendor Advisory

http://secunia.com/advisories/27553

Vendor Advisory

http://secunia.com/advisories/27573

Vendor Advisory

http://secunia.com/advisories/27574

Vendor Advisory

http://secunia.com/advisories/27575

Vendor Advisory

http://secunia.com/advisories/27578

Vendor Advisory

http://secunia.com/advisories/27618

Vendor Advisory

http://secunia.com/advisories/27619

Vendor Advisory

http://secunia.com/advisories/27632

http://secunia.com/advisories/27634

http://secunia.com/advisories/27636

http://secunia.com/advisories/27640

Vendor Advisory

http://secunia.com/advisories/27641

http://secunia.com/advisories/27642

http://secunia.com/advisories/27645

http://secunia.com/advisories/27656

http://secunia.com/advisories/27658

http://secunia.com/advisories/27705

http://secunia.com/advisories/27721

http://secunia.com/advisories/27724

http://secunia.com/advisories/27856

http://secunia.com/advisories/28043

http://secunia.com/advisories/28812

http://secunia.com/advisories/29104

http://secunia.com/advisories/29604

http://secunia.com/secunia_research/2007-88/advisory/

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200711-22.xml

http://support.novell.com/techcenter/psdb/1d5fd29802b2ef7e342e733731f1e933.html

http://support.novell.com/techcenter/psdb/3867a5092daac43cd6a92e6107d9fbce.html

http://support.novell.com/techcenter/psdb/43ad7b3569dba59e7ba07677edc01cad.html

http://support.novell.com/techcenter/psdb/da3498f05433976cc548cc4eaf8349c8.html

http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.html

http://www.debian.org/security/2008/dsa-1480

http://www.debian.org/security/2008/dsa-1509

http://www.debian.org/security/2008/dsa-1537

http://www.kde.org/info/security/advisory-20071107-1.txt

http://www.mandriva.com/security/advisories?name=MDKSA-2007:219

http://www.mandriva.com/security/advisories?name=MDKSA-2007:220

http://www.mandriva.com/security/advisories?name=MDKSA-2007:221

http://www.mandriva.com/security/advisories?name=MDKSA-2007:222

http://www.mandriva.com/security/advisories?name=MDKSA-2007:223

http://www.mandriva.com/security/advisories?name=MDKSA-2007:227

http://www.mandriva.com/security/advisories?name=MDKSA-2007:228

http://www.novell.com/linux/security/advisories/2007_60_pdf.html

http://www.redhat.com/support/errata/RHSA-2007-1021.html

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2007-1024.html

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2007-1025.html

http://www.redhat.com/support/errata/RHSA-2007-1026.html

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2007-1029.html

Vendor Advisory

http://www.securityfocus.com/archive/1/483372

http://www.securityfocus.com/bid/26367

http://www.ubuntu.com/usn/usn-542-1

http://www.ubuntu.com/usn/usn-542-2

http://www.vupen.com/english/advisories/2007/3774

http://www.vupen.com/english/advisories/2007/3775

http://www.vupen.com/english/advisories/2007/3776

http://www.vupen.com/english/advisories/2007/3779

http://www.vupen.com/english/advisories/2007/3786

https://issues.rpath.com/browse/RPL-1926

https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00369.html

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00215.html

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00224.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/38303

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10036

https://nvd.nist.gov/vuln/detail/CVE-2007-5392

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-5392

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-5392

EUVD