9.3

CVE-2007-5392

Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XpdfXpdf Version3.0.1_pl1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.41% 0.928
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/30168
http://security.gentoo.org/glsa/glsa-200711-34.xml
http://security.gentoo.org/glsa/glsa-200805-13.xml
http://secunia.com/advisories/27599
Vendor Advisory
http://secunia.com/advisories/27743
http://www.mandriva.com/security/advisories?name=MDKSA-2007:230
http://www.redhat.com/support/errata/RHSA-2007-1027.html
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-1030.html
Vendor Advisory
http://www.securitytracker.com/id?1018905
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html
http://secunia.com/advisories/27577
Vendor Advisory
http://secunia.com/advisories/27615
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-1022.html
Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00238.html
http://secunia.com/advisories/27637
Vendor Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882
http://secunia.com/advisories/26503
Vendor Advisory
http://secunia.com/advisories/27260
Patch
Vendor Advisory
http://secunia.com/advisories/27553
Vendor Advisory
http://secunia.com/advisories/27573
Vendor Advisory
http://secunia.com/advisories/27574
Vendor Advisory
http://secunia.com/advisories/27575
Vendor Advisory
http://secunia.com/advisories/27578
Vendor Advisory
http://secunia.com/advisories/27618
Vendor Advisory
http://secunia.com/advisories/27619
Vendor Advisory
http://secunia.com/advisories/27632
http://secunia.com/advisories/27634
http://secunia.com/advisories/27636
http://secunia.com/advisories/27640
Vendor Advisory
http://secunia.com/advisories/27641
http://secunia.com/advisories/27642
http://secunia.com/advisories/27645
http://secunia.com/advisories/27656
http://secunia.com/advisories/27658
http://secunia.com/advisories/27705
http://secunia.com/advisories/27721
http://secunia.com/advisories/27724
http://secunia.com/advisories/27856
http://secunia.com/advisories/28043
http://secunia.com/advisories/28812
http://secunia.com/advisories/29104
http://secunia.com/advisories/29604
http://secunia.com/secunia_research/2007-88/advisory/
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200711-22.xml
http://support.novell.com/techcenter/psdb/1d5fd29802b2ef7e342e733731f1e933.html
http://support.novell.com/techcenter/psdb/3867a5092daac43cd6a92e6107d9fbce.html
http://support.novell.com/techcenter/psdb/43ad7b3569dba59e7ba07677edc01cad.html
http://support.novell.com/techcenter/psdb/da3498f05433976cc548cc4eaf8349c8.html
http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.html
http://www.debian.org/security/2008/dsa-1480
http://www.debian.org/security/2008/dsa-1509
http://www.debian.org/security/2008/dsa-1537
http://www.kde.org/info/security/advisory-20071107-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:219
http://www.mandriva.com/security/advisories?name=MDKSA-2007:220
http://www.mandriva.com/security/advisories?name=MDKSA-2007:221
http://www.mandriva.com/security/advisories?name=MDKSA-2007:222
http://www.mandriva.com/security/advisories?name=MDKSA-2007:223
http://www.mandriva.com/security/advisories?name=MDKSA-2007:227
http://www.mandriva.com/security/advisories?name=MDKSA-2007:228
http://www.novell.com/linux/security/advisories/2007_60_pdf.html
http://www.redhat.com/support/errata/RHSA-2007-1021.html
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-1024.html
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-1025.html
http://www.redhat.com/support/errata/RHSA-2007-1026.html
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-1029.html
Vendor Advisory
http://www.securityfocus.com/archive/1/483372
http://www.securityfocus.com/bid/26367
http://www.ubuntu.com/usn/usn-542-1
http://www.ubuntu.com/usn/usn-542-2
http://www.vupen.com/english/advisories/2007/3774
http://www.vupen.com/english/advisories/2007/3775
http://www.vupen.com/english/advisories/2007/3776
http://www.vupen.com/english/advisories/2007/3779
http://www.vupen.com/english/advisories/2007/3786
https://issues.rpath.com/browse/RPL-1926
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00369.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00215.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00224.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/38303
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10036