GLSA-200710-20 : PDFKit, ImageKits: Buffer overflow

Medium Nessus Plugin ID 27518


The remote Gentoo host is missing one or more security-related patches.


The remote host is affected by the vulnerability described in GLSA-200710-20 (PDFKit, ImageKits: Buffer overflow)

Maurycy Prodeus discovered an integer overflow vulnerability possibly leading to a stack-based buffer overflow in the XPDF code which PDFKit is based on. ImageKits also contains a copy of PDFKit.

Impact:

By enticing a user to view a specially crafted PDF file with a viewer based on ImageKits or PDFKit such as Gentoo's ViewPDF, a remote attacker could cause an overflow, potentially resulting in the execution of arbitrary code with the privileges of the user running the application.

Workaround:

There is no known workaround at this time.


PDFKit and ImageKits are not maintained upstream, so the packages were masked in Portage. We recommend that users unmerge PDFKit and ImageKits:

# emerge --unmerge gnustep-libs/pdfkit
# emerge --unmerge gnustep-libs/imagekits

As an alternative, users should upgrade their systems to use PopplerKit instead of PDFKit and Vindaloo instead of ViewPDF.

Plugin Details

Severity: Medium

ID: 27518

File Name: gentoo_GLSA-200710-20.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2007/10/19

Modified: 2018/01/12

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:imagekits, p-cpe:/a:gentoo:linux:pdfkit, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2007/10/18

Vulnerability Publication Date: 2007/07/30

Exploitable With

Core Impact

Reference Information

CVE: CVE-2007-3387

OSVDB: 38120, 40127

GLSA: 200710-20

CWE: 189