CVE-2007-5392
published 2007-11-08CVE-2007-5392: Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file…
critical9.3CVSS 3.1
AVNACMAuNCCICAC
Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | cups | >= 0 < 1.1.22-7 | 1.1.22-7 |
| apple | cups | >= 0 < 1.1.22-7 | 1.1.22-7 |
| apple | cups | >= 0 < 1.1.22-7 | 1.1.22-7 |
| apple | cups | >= 0 < 1.1.22-7 | 1.1.22-7 |
| debian | cups | < cups 1.1.22-7 (bookworm) | cups 1.1.22-7 (bookworm) |
| debian | libextractor | < cups 1.1.22-7 (bookworm) | cups 1.1.22-7 (bookworm) |
| debian | poppler | < cups 1.1.22-7 (bookworm) | cups 1.1.22-7 (bookworm) |
| debian | xpdf | < cups 1.1.22-7 (bookworm) | cups 1.1.22-7 (bookworm) |
| freedesktop | poppler | >= 0 < 0.6.2-1 | 0.6.2-1 |
| freedesktop | poppler | >= 0 < 0.6.2-1 | 0.6.2-1 |
| freedesktop | poppler | >= 0 < 0.6.2-1 | 0.6.2-1 |
| freedesktop | poppler | >= 0 < 0.6.2-1 | 0.6.2-1 |
| gnu | libextractor | >= 0 < 0.5.12-1 | 0.5.12-1 |
| gnu | libextractor | >= 0 < 0.5.12-1 | 0.5.12-1 |
| gnu | libextractor | >= 0 < 0.5.12-1 | 0.5.12-1 |
| gnu | libextractor | >= 0 < 0.5.12-1 | 0.5.12-1 |
| xpdf | xpdf | — | — |
| xpdf | xpdf | >= 0 < 3.02-1.3 | 3.02-1.3 |
| xpdf | xpdf | >= 0 < 3.02-1.3 | 3.02-1.3 |
| xpdf | xpdf | >= 0 < 3.02-1.3 | 3.02-1.3 |
| xpdf | xpdf | >= 0 < 3.02-1.3 | 3.02-1.3 |
CVSS provenance
nvd9.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL