CVE-2007-4352
published 2007-11-08CVE-2007-4352: Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other…
high7.6CVSS 3.1
AVNACHAuNCCICAC
Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | cups | >= 0 < 1.1.22-7 | 1.1.22-7 |
| apple | cups | >= 0 < 1.1.22-7 | 1.1.22-7 |
| apple | cups | >= 0 < 1.1.22-7 | 1.1.22-7 |
| apple | cups | >= 0 < 1.1.22-7 | 1.1.22-7 |
| debian | cups | < cups 1.1.22-7 (bookworm) | cups 1.1.22-7 (bookworm) |
| debian | libextractor | < cups 1.1.22-7 (bookworm) | cups 1.1.22-7 (bookworm) |
| debian | poppler | < cups 1.1.22-7 (bookworm) | cups 1.1.22-7 (bookworm) |
| debian | xpdf | < cups 1.1.22-7 (bookworm) | cups 1.1.22-7 (bookworm) |
| freedesktop | poppler | >= 0 < 0.6.2-1 | 0.6.2-1 |
| freedesktop | poppler | >= 0 < 0.6.2-1 | 0.6.2-1 |
| freedesktop | poppler | >= 0 < 0.6.2-1 | 0.6.2-1 |
| freedesktop | poppler | >= 0 < 0.6.2-1 | 0.6.2-1 |
| gnu | libextractor | >= 0 < 0.5.12-1 | 0.5.12-1 |
| gnu | libextractor | >= 0 < 0.5.12-1 | 0.5.12-1 |
| gnu | libextractor | >= 0 < 0.5.12-1 | 0.5.12-1 |
| gnu | libextractor | >= 0 < 0.5.12-1 | 0.5.12-1 |
| xpdf | xpdf | — | — |
| xpdf | xpdf | >= 0 < 3.02-1.3 | 3.02-1.3 |
| xpdf | xpdf | >= 0 < 3.02-1.3 | 3.02-1.3 |
| xpdf | xpdf | >= 0 < 3.02-1.3 | 3.02-1.3 |
| xpdf | xpdf | >= 0 < 3.02-1.3 | 3.02-1.3 |
CVSS provenance
nvd7.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
osv7.6HIGH