CVE-2007-4352

Priority
Description
Array index error in the DCTStream::readProgressiveDataUnit method in
xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice,
CUPS, and other products, allows remote attackers to trigger memory
corruption and execute arbitrary code via a crafted PDF file.
References
RHSA-2007:1026-01 (poppler)
RHSA-2007:1027-02 (tetex-base)
RHSA-2007:1029-01 (xpdf)
RHSA-2007:1025-01 (gpdf)
https://usn.ubuntu.com/usn/usn-542-1
https://usn.ubuntu.com/usn/usn-542-2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
Notes
 jdstrand> cupsys on Ubuntu is not directly affected as it depends on
  poppler-utils or xpdf-utils. poppler-utils is in main and gets pulled in on
  installation of cupsys.
 jdstrand> koffice fixed in debian 1:1.6.3-4
 fujitsu> ipe doesn't contain the vulnerable code.
Assigned-to
jdstrand
Package
Source: cups (LP Ubuntu Debian)
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Source: gpdf (LP Ubuntu Debian)
Upstream:needs-triage
Package
Source: ipe (LP Ubuntu Debian)
Upstream:not-affected
Package
Upstream:needs-triage
Package
Upstream:needed
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:released (0.6.2)
Package
Upstream:needs-triage
Package
Upstream:needs-triage

Updated: 2019-03-19 11:43:22 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)