Launchpad.net

CVE 2007-0104

The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.

Related bugs and status

CVE-2007-0104 (Candidate) is related to these bugs:

Bug #80658: crafted pdf file vulnerability

Summary				In	Importance	Status
	80658	crafted pdf file vulnerability		tetex-bin (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

BID: 21910
MISC: http://projects.info-p...
CONFIRM: http://www.kde.org/inf...
MANDRIVA: MDKSA-2007:018
MANDRIVA: MDKSA-2007:020
MANDRIVA: MDKSA-2007:022
UBUNTU: USN-410-1
SECTRACK: 1017514
SECUNIA: 23799
SECUNIA: 23791
SECUNIA: 23808
SECUNIA: 23813
SECUNIA: 23815
SECUNIA: 23844
CONFIRM: https://issues.rpath.c...
SECUNIA: 23839
SECUNIA: 23876
UBUNTU: USN-410-2
CONFIRM: http://support.novell....
SUSE: SUSE-SR:2007:003
SECUNIA: 24204
CONFIRM: http://docs.info.apple...
SECTRACK: 1017749
SECUNIA: 24479
MANDRIVA: MDKSA-2007:019
MANDRIVA: MDKSA-2007:021
MANDRIVA: MDKSA-2007:024
CERT: TA07-072A
VUPEN: ADV-2007-0203
VUPEN: ADV-2007-0212
VUPEN: ADV-2007-0244
VUPEN: ADV-2007-0930
XF: multiple-vendor-pdf-co...
BUGTRAQ: 20070116 [KDE Security...