Mandrake Linux Security Advisory : xpdf (MDKSA-2007:158)

Medium Nessus Plugin ID 25891


The remote Mandrake Linux host is missing one or more security updates.


Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause xpdf to crash and possibly execute arbitrary code open a user opening the file.

This update provides packages which are patched to prevent these issues.


Update the affected xpdf and / or xpdf-tools packages.

Plugin Details

Severity: Medium

ID: 25891

File Name: mandrake_MDKSA-2007-158.nasl

Version: $Revision: 1.18 $

Type: local

Published: 2007/08/15

Modified: 2015/03/19

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:xpdf, p-cpe:/a:mandriva:linux:xpdf-tools, cpe:/o:mandriva:linux:2007, cpe:/o:mandriva:linux:2007.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2007/08/13

Exploitable With

Core Impact

Reference Information

CVE: CVE-2007-3387

BID: 25124

MDKSA: 2007:158

CWE: 189