9.3

CVE-2007-5393

EPSS 8.89%
Published 08.11.2007 02:46:00
Last modified 09.04.2025 00:30:58
Source PSIRT-CNA@flexerasoftware.com
Teams watchlist Login
Open Login

Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.

Affected products Warnungen 0 Metrics 2 CWE 1 References 94

Data is provided by the National Vulnerability Database (NVD)

Xpdf ≫ Xpdf Version3.02p11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	8.89%	0.922

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/30168

http://security.gentoo.org/glsa/glsa-200711-34.xml

http://security.gentoo.org/glsa/glsa-200805-13.xml

http://secunia.com/advisories/27599

http://secunia.com/advisories/27718

http://secunia.com/advisories/27743

http://www.mandriva.com/security/advisories?name=MDKSA-2007:230

http://www.redhat.com/support/errata/RHSA-2007-1027.html

http://www.redhat.com/support/errata/RHSA-2007-1030.html

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2007-1031.html

Vendor Advisory

http://www.securitytracker.com/id?1018905

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html

http://secunia.com/advisories/27577

Vendor Advisory

http://secunia.com/advisories/27615

http://support.avaya.com/elmodocs2/security/ASA-2007-476.htm

http://www.redhat.com/support/errata/RHSA-2007-1022.html

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2007-1023.html

Vendor Advisory

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00238.html

http://secunia.com/advisories/27637

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882

http://secunia.com/advisories/26503

http://secunia.com/advisories/27260

Patch

Vendor Advisory

http://secunia.com/advisories/27553

Vendor Advisory

http://secunia.com/advisories/27573

Vendor Advisory

http://secunia.com/advisories/27574

http://secunia.com/advisories/27575

Vendor Advisory

http://secunia.com/advisories/27578

Vendor Advisory

http://secunia.com/advisories/27618

http://secunia.com/advisories/27619

http://secunia.com/advisories/27632

http://secunia.com/advisories/27634

http://secunia.com/advisories/27636

http://secunia.com/advisories/27640

http://secunia.com/advisories/27641

http://secunia.com/advisories/27642

http://secunia.com/advisories/27645

http://secunia.com/advisories/27656

http://secunia.com/advisories/27658

http://secunia.com/advisories/27705

http://secunia.com/advisories/27721

http://secunia.com/advisories/27724

http://secunia.com/advisories/27856

http://secunia.com/advisories/28043

http://secunia.com/advisories/28812

http://secunia.com/advisories/29104

http://secunia.com/advisories/29604

http://secunia.com/secunia_research/2007-88/advisory/

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200711-22.xml

http://support.novell.com/techcenter/psdb/1d5fd29802b2ef7e342e733731f1e933.html

http://support.novell.com/techcenter/psdb/3867a5092daac43cd6a92e6107d9fbce.html

http://support.novell.com/techcenter/psdb/43ad7b3569dba59e7ba07677edc01cad.html

http://support.novell.com/techcenter/psdb/da3498f05433976cc548cc4eaf8349c8.html

http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.html

http://www.debian.org/security/2008/dsa-1480

http://www.debian.org/security/2008/dsa-1509

http://www.debian.org/security/2008/dsa-1537

http://www.kde.org/info/security/advisory-20071107-1.txt

http://www.mandriva.com/security/advisories?name=MDKSA-2007:219

http://www.mandriva.com/security/advisories?name=MDKSA-2007:220

http://www.mandriva.com/security/advisories?name=MDKSA-2007:221

http://www.mandriva.com/security/advisories?name=MDKSA-2007:222

http://www.mandriva.com/security/advisories?name=MDKSA-2007:223

http://www.mandriva.com/security/advisories?name=MDKSA-2007:227

http://www.mandriva.com/security/advisories?name=MDKSA-2007:228

http://www.novell.com/linux/security/advisories/2007_60_pdf.html

http://www.redhat.com/support/errata/RHSA-2007-1021.html

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2007-1024.html

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2007-1025.html

http://www.redhat.com/support/errata/RHSA-2007-1026.html

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2007-1029.html

Vendor Advisory

http://www.securityfocus.com/archive/1/483372

http://www.securityfocus.com/bid/26367

http://www.ubuntu.com/usn/usn-542-1

http://www.ubuntu.com/usn/usn-542-2

http://www.vupen.com/english/advisories/2007/3774

http://www.vupen.com/english/advisories/2007/3775

http://www.vupen.com/english/advisories/2007/3776

http://www.vupen.com/english/advisories/2007/3779

http://www.vupen.com/english/advisories/2007/3786

https://issues.rpath.com/browse/RPL-1926

https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00369.html

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00215.html

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00224.html

http://secunia.com/advisories/27579

Vendor Advisory

http://secunia.com/advisories/27772

http://www.debian.org/security/2007/dsa-1408

http://www.redhat.com/support/errata/RHSA-2007-1028.html

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2007-1051.html

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/38304

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9839

https://nvd.nist.gov/vuln/detail/CVE-2007-5393

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-5393

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-5393

EUVD