Описание
Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.
Пакеты
Пакет | Статус | Версия исправления | Релиз | Тип |
---|---|---|---|---|
poppler | fixed | 0.6.2-1 | package | |
kdegraphics | fixed | 4:3.5.8-2 | package | |
kdegraphics | not-affected | etch | package | |
xpdf | fixed | 3.02-1.3 | package | |
koffice | fixed | 1:1.6.3-4 | package | |
cups | fixed | 1.1.22-7 | package | |
gpdf | removed | package | ||
pdftohtml | removed | package | ||
pdftohtml | fixed | 0.36-13etch1 | etch | package |
tetex-bin | fixed | 3.0-12 | package | |
cupsys | not-affected | package | ||
libextractor | fixed | 0.5.12-1 | package | |
swftools | fixed | 0.9.2+ds1-2 | package |
Примечания
pdftex links to poppler since 3.0-12, thus marking as fixed
cups uses xpdf-utils and poppler-utils
libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
EPSS
Связанные уязвимости
Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.
Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.
Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.
Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.
ELSA-2007-1026: Important: poppler security update (IMPORTANT)
EPSS