It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.

libextractor includes a copy of the xpdf code and required an update as well.

It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.

tetex-bin includes a copy of the xpdf code and required an update as well.

It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.

pdfkit.framework includes a copy of the xpdf code and required an update as well.

Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause kpdf to crash and possibly execute arbitrary code open a user opening the file.

This update provides packages which are patched to prevent these issues.

It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.

koffice includes a copy of the xpdf code and required an update as well.

The oldstable distribution (sarge) will be fixed later.

A buffer overflow in the xpdf code contained in poppler could be exploited by attackers to potentially execute arbitrary code (CVE-2007-3387).

New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current. New poppler packages are available for Slackware 12.0 and -current. New koffice packages are available for Slackware 11.0, 12.0, and -current. New kdegraphics packages are available for Slackware 10.2, 11.0, 12.0, and -current. These updated packages address similar bugs which could be used to crash applications linked with poppler or that use code from xpdf through the use of a malformed PDF document. It is possible that a maliciously crafted document could cause code to be executed in the context of the user running the application processing the PDF. These advisories and CVE entries cover the bugs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393 http://www.kde.org/info/security/advisory-20071107-1.txt

A buffer overflow in the xpdf code contained in poppler could be exploited by attackers to potentially execute arbitrary code.
(CVE-2007-3387)

Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause gpdf to crash or potentially execute arbitrary code when opened.
(CVE-2007-3387)

Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash or potentially execute arbitrary code when opened.
(CVE-2007-3387)

Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause an application linked with poppler to crash or potentially execute arbitrary code when opened. (CVE-2007-3387)

From Red Hat Security Advisory 2007:0729 :

Updated kdegraphics packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 4, and 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

The kdegraphics packages contain applications for the K Desktop Environment including kpdf, a PDF file viewer.

Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash or potentially execute arbitrary code when opened.
(CVE-2007-3387)

All users of kdegraphics should upgrade to these updated packages, which contain a backported patch to resolve this issue.

The remote host is affected by the vulnerability described in GLSA-200709-17 (teTeX: Multiple buffer overflows)

    Mark Richters discovered a buffer overflow in the open_sty() function     in file mkind.c. Other vulnerabilities have also been discovered in the     same file but might not be exploitable (CVE-2007-0650). Tetex also     includes vulnerable code from GD library (GLSA 200708-05), and from     Xpdf (CVE-2007-3387).
  Impact :

    A remote attacker could entice a user to process a specially crafted     PNG, GIF or PDF file, or to execute 'makeindex' on an overly long     filename. In both cases, this could lead to the remote execution of     arbitrary code with the privileges of the user running the application.
  Workaround :

    There is no known workaround at this time.

ID	Name	Product	Family	Published	Updated	Severity
25857	Debian DSA-1349-1 : libextractor - integer overflow	Nessus	Debian Local Security Checks	8/13/2007	1/4/2021	medium
25858	Debian DSA-1350-1 : tetex-bin - integer overflow	Nessus	Debian Local Security Checks	8/13/2007	1/4/2021	medium
25860	Debian DSA-1352-1 : pdfkit.framework - integer overflow	Nessus	Debian Local Security Checks	8/13/2007	1/4/2021	medium
25894	Mandrake Linux Security Advisory : kdegraphics (MDKSA-2007:162)	Nessus	Mandriva Local Security Checks	8/15/2007	1/6/2021	medium
25937	Debian DSA-1357-1 : koffice - integer overflow	Nessus	Debian Local Security Checks	8/28/2007	1/4/2021	medium
27399	openSUSE 10 Security Update : poppler (poppler-3991)	Nessus	SuSE Local Security Checks	10/17/2007	1/14/2021	medium
28149	Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 9.1 / current : xpdf/poppler/koffice/kdegraphics (SSA:2007-316-01)	Nessus	Slackware Local Security Checks	11/12/2007	1/14/2021	high
29554	SuSE 10 Security Update : poppler,poppler-devel (ZYPP Patch Number 3992)	Nessus	SuSE Local Security Checks	12/13/2007	1/14/2021	medium
60233	Scientific Linux Security Update : gpdf on SL4.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	8/1/2012	1/14/2021	medium
60234	Scientific Linux Security Update : kdegraphics on SL5.x, SL4.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	8/1/2012	1/14/2021	medium
60235	Scientific Linux Security Update : poppler on SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	8/1/2012	1/14/2021	medium
67549	Oracle Linux 4 : kdegraphics (ELSA-2007-0729)	Nessus	Oracle Linux Local Security Checks	7/12/2013	1/14/2021	medium
26215	GLSA-200709-17 : teTeX: Multiple buffer overflows	Nessus	Gentoo Local Security Checks	10/3/2007	1/6/2021	medium

Detections

Analytics

Plugins Search

medium

medium

medium

medium

medium

medium

high

medium

medium

medium

medium

medium

medium