CVE-2007-0104

CWE-20 — Improper Input Validation9 documents8 sources

Severity

6.8MEDIUM

EPSS

19.0%

top 4.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KDE KDE Xpdf Xpdf

Timeline

PublishedJan 9

Latest updateMay 1

Description

The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

▶Debianxpdf< 3.02+3

▶Debianpoppler< 0.4.5-5.1+3

▶NVDxpdf/xpdf5 versions+4

▶NVDkde/kde12 versions+11

🔴Vulnerability Details

GHSA

GHSA-8w95-hg52-rgm5: The Adobe PDF specification 1↗2022-05-01

▶

CVEList

CVE-2007-0104: The Adobe PDF specification 1↗2007-01-09

▶

OSV

CVE-2007-0104: The Adobe PDF specification 1↗2007-01-09

▶

📋Vendor Advisories

Ubuntu

teTeX vulnerability↗2007-01-26

▶

Ubuntu

poppler vulnerability↗2007-01-19

▶

Debian

CVE-2007-0104: poppler - The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) k...↗2007

▶

Red Hat

xpdf infinite loop DoS↗

▶

💬Community

Bugzilla

CVE-2007-0104 xpdf infinite loop DoS↗2008-01-09

▶