9.3
CVE-2007-5392
- EPSS 6.41%
- Veröffentlicht 08.11.2007 02:46:00
- Zuletzt bearbeitet 16.06.2026 22:46:01
- Quelle PSIRT-CNA@flexerasoftware.com
- CVE-Watchlists
- Unerledigt
Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.41% | 0.928 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://secunia.com/advisories/30168
http://security.gentoo.org/glsa/glsa-200711-34.xml
http://security.gentoo.org/glsa/glsa-200805-13.xml
http://secunia.com/advisories/27599
http://secunia.com/advisories/27743
http://www.mandriva.com/security/advisories?name=MDKSA-2007:230
http://www.redhat.com/support/errata/RHSA-2007-1027.html
http://www.redhat.com/support/errata/RHSA-2007-1030.html
http://www.securitytracker.com/id?1018905
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html
http://secunia.com/advisories/27577
http://secunia.com/advisories/27615
http://www.redhat.com/support/errata/RHSA-2007-1022.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00238.html
http://secunia.com/advisories/27637
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882
http://secunia.com/advisories/26503
http://secunia.com/advisories/27260
http://secunia.com/advisories/27553
http://secunia.com/advisories/27573
http://secunia.com/advisories/27574
http://secunia.com/advisories/27575
http://secunia.com/advisories/27578
http://secunia.com/advisories/27618
http://secunia.com/advisories/27619
http://secunia.com/advisories/27632
http://secunia.com/advisories/27634
http://secunia.com/advisories/27636
http://secunia.com/advisories/27640
http://secunia.com/advisories/27641
http://secunia.com/advisories/27642
http://secunia.com/advisories/27645
http://secunia.com/advisories/27656
http://secunia.com/advisories/27658
http://secunia.com/advisories/27705
http://secunia.com/advisories/27721
http://secunia.com/advisories/27724
http://secunia.com/advisories/27856
http://secunia.com/advisories/28043
http://secunia.com/advisories/28812
http://secunia.com/advisories/29104
http://secunia.com/advisories/29604
http://secunia.com/secunia_research/2007-88/advisory/
http://security.gentoo.org/glsa/glsa-200711-22.xml
http://support.novell.com/techcenter/psdb/1d5fd29802b2ef7e342e733731f1e933.html
http://support.novell.com/techcenter/psdb/3867a5092daac43cd6a92e6107d9fbce.html
http://support.novell.com/techcenter/psdb/43ad7b3569dba59e7ba07677edc01cad.html
http://support.novell.com/techcenter/psdb/da3498f05433976cc548cc4eaf8349c8.html
http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.html
http://www.debian.org/security/2008/dsa-1480
http://www.debian.org/security/2008/dsa-1509
http://www.debian.org/security/2008/dsa-1537
http://www.kde.org/info/security/advisory-20071107-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:219
http://www.mandriva.com/security/advisories?name=MDKSA-2007:220
http://www.mandriva.com/security/advisories?name=MDKSA-2007:221
http://www.mandriva.com/security/advisories?name=MDKSA-2007:222
http://www.mandriva.com/security/advisories?name=MDKSA-2007:223
http://www.mandriva.com/security/advisories?name=MDKSA-2007:227
http://www.mandriva.com/security/advisories?name=MDKSA-2007:228
http://www.novell.com/linux/security/advisories/2007_60_pdf.html
http://www.redhat.com/support/errata/RHSA-2007-1021.html
http://www.redhat.com/support/errata/RHSA-2007-1024.html
http://www.redhat.com/support/errata/RHSA-2007-1025.html
http://www.redhat.com/support/errata/RHSA-2007-1026.html
http://www.redhat.com/support/errata/RHSA-2007-1029.html
http://www.securityfocus.com/archive/1/483372
http://www.securityfocus.com/bid/26367
http://www.ubuntu.com/usn/usn-542-1
http://www.ubuntu.com/usn/usn-542-2
http://www.vupen.com/english/advisories/2007/3774
http://www.vupen.com/english/advisories/2007/3775
http://www.vupen.com/english/advisories/2007/3776
http://www.vupen.com/english/advisories/2007/3779
http://www.vupen.com/english/advisories/2007/3786
https://issues.rpath.com/browse/RPL-1926
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00369.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00215.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00224.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/38303
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10036