Bug 248194 (CVE-2007-3387) - CVE-2007-3387 xpdf integer overflow
Summary: CVE-2007-3387 xpdf integer overflow
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2007-3387
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 248197 248198 248199 248200 248202 248203 248204 248205 248206 248207 248208 248209 248210 248211 248212 248213 248214 248215 248216 248217 248218 248219 248220 248221 248222 248223 251509 251511 251512 251513 251514 251515 251518 251519 251522 251524
Blocks:
Reported: 2007-07-13 20:24 UTC by Josh Bressers
Modified: 2019-09-29 12:20 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-02-15 14:52:56 UTC
Embargoed:


Attachments
Proposed upstream fix (981 bytes, patch)
2007-07-13 20:25 UTC, Josh Bressers


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2007:0720 0 normal SHIPPED_LIVE Important: cups security update 2008-01-07 22:55:04 UTC
Red Hat Product Errata RHSA-2007:0729 0 normal SHIPPED_LIVE Important: kdegraphics security update 2008-01-07 22:50:04 UTC
Red Hat Product Errata RHSA-2007:0730 0 normal SHIPPED_LIVE Important: gpdf security update 2008-01-07 22:53:04 UTC
Red Hat Product Errata RHSA-2007:0731 0 normal SHIPPED_LIVE Important: tetex security update 2007-08-01 09:46:28 UTC
Red Hat Product Errata RHSA-2007:0732 0 normal SHIPPED_LIVE Important: poppler security update 2007-07-30 18:58:47 UTC
Red Hat Product Errata RHSA-2007:0735 0 normal SHIPPED_LIVE Important: xpdf security update 2008-01-07 19:03:57 UTC

Description Josh Bressers 2007-07-13 20:24:45 UTC
Maurycy Prodeus discovered an integer overflow flaw in the way xpdf processes
PDF files.  It's possible this flaw could be used to execute arbitrary code as
the user running the application using the xpdf source.

Comment 1 Josh Bressers 2007-07-13 20:25:28 UTC
Created attachment 159239
Proposed upstream fix

Comment 13 Mark J. Cox 2007-07-19 10:25:32 UTC
embargo moved by upstream to Jul 28

Comment 15 Mark J. Cox 2007-07-20 11:54:22 UTC
krh, these packages are affected (I verified them) because of the patch we
applied to fix CVE-2005-3193.  

Comment 23 Josh Bressers 2007-07-30 17:45:11 UTC
These issues should now be considered public.

Comment 30 Tomas Hoger 2007-08-09 15:19:23 UTC
KDE Security Advisory with patches for koffice and kdegraphics:

http://www.kde.org/info/security/advisory-20070730-1.txt


Comment 31 Fedora Update System 2008-02-08 08:17:22 UTC
poppler-0.5.4-8.fc7 has been submitted as an update for Fedora 7

Comment 32 Fedora Update System 2008-02-13 05:19:43 UTC
poppler-0.5.4-8.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 33 Fedora Update System 2008-02-13 15:00:37 UTC
poppler-0.5.4-8.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 34 Fedora Update System 2008-02-13 15:09:40 UTC
poppler-0.5.4-8.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

