Описание
Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| poppler | fixed | 0.6.2-1 | package | |
| kdegraphics | fixed | 4:3.5.8-2 | package | |
| xpdf | fixed | 3.02-1.3 | package | |
| koffice | fixed | 1:1.6.3-4 | package | |
| cups | fixed | 1.1.22-7 | package | |
| gpdf | removed | package | ||
| pdftohtml | removed | package | ||
| pdftohtml | fixed | 0.36-13etch1 | etch | package |
| tetex-bin | fixed | 3.0-12 | package | |
| cupsys | not-affected | package | ||
| libextractor | fixed | 0.5.12-1 | package | |
| swftools | fixed | 0.9.2+ds1-2 | package |
Примечания
pdftex links to poppler since 3.0-12, thus marking as fixed
cups uses xpdf-utils and poppler-utils
libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
EPSS
Связанные уязвимости
Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.
Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.
Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.
Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.
ELSA-2007-1026: Important: poppler security update (IMPORTANT)
EPSS