A buffer overflow in the xpdf code contained in poppler could be exploited by attackers to potentially execute arbitrary code (CVE-2007-3387).

New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current. New poppler packages are available for Slackware 12.0 and -current. New koffice packages are available for Slackware 11.0, 12.0, and -current. New kdegraphics packages are available for Slackware 10.2, 11.0, 12.0, and -current. These updated packages address similar bugs which could be used to crash applications linked with poppler or that use code from xpdf through the use of a malformed PDF document. It is possible that a maliciously crafted document could cause code to be executed in the context of the user running the application processing the PDF. These advisories and CVE entries cover the bugs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393 http://www.kde.org/info/security/advisory-20071107-1.txt

A buffer overflow in the xpdf code contained in poppler could be exploited by attackers to potentially execute arbitrary code.
(CVE-2007-3387)

Updated CUPS packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems.

Maurycy Prodeus discovered an integer overflow flaw in the way CUPS processes PDF files. An attacker could create a malicious PDF file that could potentially execute arbitrary code when printed.
(CVE-2007-3387)

All users of CUPS should upgrade to these updated packages, which contain a backported patch to resolve this issue.

Updated poppler packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

Poppler is a PDF rendering library, used by applications such as evince.

Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause an application linked with poppler to crash or potentially execute arbitrary code when opened. (CVE-2007-3387)

All users of poppler should upgrade to these updated packages, which contain a backported patch to resolve this issue.

Updated tetex packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

TeTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input and creates a typesetter-independent .dvi (DeVice Independent) file as output.

Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause TeTeX to crash or potentially execute arbitrary code when opened. (CVE-2007-3387)

All users of TeTeX should upgrade to these updated packages, which contain a backported patch to resolve this issue.

New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0, and 12.0 to fix an integer overflow.

It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.

libextractor includes a copy of the xpdf code and required an update as well.

It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.

tetex-bin includes a copy of the xpdf code and required an update as well.

It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.

pdfkit.framework includes a copy of the xpdf code and required an update as well.

Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause kpdf to crash and possibly execute arbitrary code open a user opening the file.

This update provides packages which are patched to prevent these issues.

It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.

koffice includes a copy of the xpdf code and required an update as well.

The oldstable distribution (sarge) will be fixed later.

The remote host is affected by the vulnerability described in GLSA-200709-17 (teTeX: Multiple buffer overflows)

    Mark Richters discovered a buffer overflow in the open_sty() function     in file mkind.c. Other vulnerabilities have also been discovered in the     same file but might not be exploitable (CVE-2007-0650). Tetex also     includes vulnerable code from GD library (GLSA 200708-05), and from     Xpdf (CVE-2007-3387).
  Impact :

    A remote attacker could entice a user to process a specially crafted     PNG, GIF or PDF file, or to execute 'makeindex' on an overly long     filename. In both cases, this could lead to the remote execution of     arbitrary code with the privileges of the user running the application.
  Workaround :

    There is no known workaround at this time.

ID	Name	Product	Family	Published	Updated	Severity
27399	openSUSE 10 Security Update : poppler (poppler-3991)	Nessus	SuSE Local Security Checks	10/17/2007	1/14/2021	medium
28149	Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 9.1 / current : xpdf/poppler/koffice/kdegraphics (SSA:2007-316-01)	Nessus	Slackware Local Security Checks	11/12/2007	1/14/2021	high
29554	SuSE 10 Security Update : poppler,poppler-devel (ZYPP Patch Number 3992)	Nessus	SuSE Local Security Checks	12/13/2007	1/14/2021	medium
25815	RHEL 3 / 4 / 5 : cups (RHSA-2007:0720)	Nessus	Red Hat Local Security Checks	7/31/2007	1/14/2021	medium
25818	RHEL 5 : poppler (RHSA-2007:0732)	Nessus	Red Hat Local Security Checks	7/31/2007	1/14/2021	medium
25832	CentOS 3 / 4 / 5 : tetex (CESA-2007:0731)	Nessus	CentOS Local Security Checks	8/2/2007	1/4/2021	medium
25848	Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 9.1 : xpdf (SSA:2007-222-05)	Nessus	Slackware Local Security Checks	8/13/2007	1/14/2021	medium
25857	Debian DSA-1349-1 : libextractor - integer overflow	Nessus	Debian Local Security Checks	8/13/2007	1/4/2021	medium
25858	Debian DSA-1350-1 : tetex-bin - integer overflow	Nessus	Debian Local Security Checks	8/13/2007	1/4/2021	medium
25860	Debian DSA-1352-1 : pdfkit.framework - integer overflow	Nessus	Debian Local Security Checks	8/13/2007	1/4/2021	medium
25894	Mandrake Linux Security Advisory : kdegraphics (MDKSA-2007:162)	Nessus	Mandriva Local Security Checks	8/15/2007	1/6/2021	medium
25937	Debian DSA-1357-1 : koffice - integer overflow	Nessus	Debian Local Security Checks	8/28/2007	1/4/2021	medium
26215	GLSA-200709-17 : teTeX: Multiple buffer overflows	Nessus	Gentoo Local Security Checks	10/3/2007	1/6/2021	medium

Detections

Analytics

Plugins Search

medium

high

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium