Bug 428126 (CVE-2007-0104)
Summary: | CVE-2007-0104 xpdf infinite loop DoS | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Mark J. Cox <mjc> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | tcallawa, than |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0104 | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-01-09 12:45:02 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Mark J. Cox
2008-01-09 12:40:19 UTC
Based on our own research and information from Adobe we believe the description of this issue isn't totally accurate (this isn't a problem with the specification, but with specific implementations of the specification). Basically, some implementations of the PDF spec, including acrobat reader 7.0.8, erroneously allow page tree objects that refer back to themselves. As a result, an infinite loop could be created. As far as we could tell, the worst a malformed file could do is DOS the application. We do not consider a user-assisted DoS of a client application such as xpdf be a security issue. |