CVE-2007-5392 (retired)

Priority
Description
Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf
3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF
file, resulting in a heap-based buffer overflow.
References
RHSA-2007:1026-01 (poppler)
RHSA-2007:1027-02 (tetex-base)
RHSA-2007:1029-01 (xpdf)
RHSA-2007:1025-01 (gpdf)
https://usn.ubuntu.com/usn/usn-542-1
https://usn.ubuntu.com/usn/usn-542-2
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
Notes
 jdstrand> cupsys on Ubuntu is not directly affected as it depends on
  poppler-utils or xpdf-utils. poppler-utils is in main and gets pulled in on
  installation of cupsys.
 jdstrand> koffice fixed in Debian 1:1.6.3-4
 fujitsu> ipe doesn't contain the vulnerable code.
Assigned-to
jdstrand
Package
Source: cups (LP Ubuntu Debian)
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Source: gpdf (LP Ubuntu Debian)
Upstream:needs-triage
Package
Source: ipe (LP Ubuntu Debian)
Upstream:not-affected
Package
Upstream:needs-triage
Package
Upstream:needed
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:released (0.6.2)
Package
Upstream:needs-triage
Package
Upstream:needs-triage

Updated: 2019-03-26 11:41:48 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)