Launchpad.net

CVE 2007-5392

Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.

Related bugs and status

CVE-2007-5392 (Candidate) is related to these bugs:

Bug #160944: [xpdf] multiple security vulnerabilities

		In	Importance	Status
160944	[xpdf] multiple security vulnerabilities	xpdf (Ubuntu)	Undecided	Fix Released
160944	[xpdf] multiple security vulnerabilities	poppler (Ubuntu)	Undecided	Fix Released
160944	[xpdf] multiple security vulnerabilities	poppler (Debian)	Unknown	Fix Released
160944	[xpdf] multiple security vulnerabilities	Fedora	High	Fix Released

Bug #160948: [kpdf] multiple xpdf based vulnerabilities

Summary				In	Importance	Status
	160948	[kpdf] multiple xpdf based vulnerabilities		kdegraphics (Ubuntu)	Undecided	Invalid
	160948	[kpdf] multiple xpdf based vulnerabilities		koffice (Ubuntu)	Undecided	Fix Released

Bug #163820: [tetex] Multiple vulnerabilities possibly allowing to execute arbitrary code or overwrite arbitrary files

Summary				In	Importance	Status
	163820	[tetex] Multiple vulnerabilities possibly allowing to execute arbitrary code or overwrite arbitrary files		tetex-bin (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/sec...
SECUNIA: 27260
CONFIRM: http://www.kde.org/inf...
REDHAT: RHSA-2007:1021
REDHAT: RHSA-2007:1022
REDHAT: RHSA-2007:1025
REDHAT: RHSA-2007:1026
REDHAT: RHSA-2007:1027
REDHAT: RHSA-2007:1029
REDHAT: RHSA-2007:1030
SECTRACK: 1018905
SECUNIA: 27553
SECUNIA: 27573
SECUNIA: 27574
SECUNIA: 27575
SECUNIA: 27577
SECUNIA: 27578
BUGTRAQ: 20071107 Secunia Resea...
FEDORA: FEDORA-2007-3100
BID: 26367
SECUNIA: 27615
SECUNIA: 27637
SECUNIA: 27599
CONFIRM: http://support.novell....
CONFIRM: http://support.novell....
CONFIRM: http://support.novell....
FEDORA: FEDORA-2007-3031
FEDORA: FEDORA-2007-3059
REDHAT: RHSA-2007:1024
UBUNTU: USN-542-1
SECUNIA: 26503
SECUNIA: 27618
SECUNIA: 27619
SECUNIA: 27640
SECUNIA: 27641
SECUNIA: 27642
SECUNIA: 27656
SECUNIA: 27632
CONFIRM: http://support.novell....
CONFIRM: http://support.novell....
SUSE: SUSE-SA:2007:060
SECUNIA: 27645
SECUNIA: 27636
GENTOO: GLSA-200711-22
MANDRIVA: MDKSA-2007:219
MANDRIVA: MDKSA-2007:220
MANDRIVA: MDKSA-2007:221
MANDRIVA: MDKSA-2007:222
MANDRIVA: MDKSA-2007:223
UBUNTU: USN-542-2
SECUNIA: 27634
SECUNIA: 27658
SECUNIA: 27705
SECUNIA: 27721
MANDRIVA: MDKSA-2007:227
MANDRIVA: MDKSA-2007:228
MANDRIVA: MDKSA-2007:230
SECUNIA: 27724
SECUNIA: 27743
CONFIRM: https://issues.rpath.c...
GENTOO: GLSA-200711-34
SECUNIA: 27856
FEDORA: FEDORA-2007-4031
SECUNIA: 28043
FEDORA: FEDORA-2007-3390
FEDORA: FEDORA-2007-750
DEBIAN: DSA-1480
SECUNIA: 28812
DEBIAN: DSA-1509
SECUNIA: 29104
DEBIAN: DSA-1537
SECUNIA: 29604
GENTOO: GLSA-200805-13
SECUNIA: 30168
VUPEN: ADV-2007-3774
VUPEN: ADV-2007-3775
VUPEN: ADV-2007-3776
VUPEN: ADV-2007-3779
VUPEN: ADV-2007-3786
SLACKWARE: SSA:2007-316-01
XF: xpdf-dctstreamreset-bo...
OVAL: oval:org.mitre.oval:de...