Bug 248194 - (CVE-2007-3387) CVE-2007-3387 xpdf integer overflow
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
high Severity high
Assigned To: Red Hat Product Security
source=secalert,reported=20070712,imp...
: Security
Depends On: 248197 248198 248199 248200 248202 248203 248204 248205 248206 248207 248208 248209 248210 248211 248212 248213 248214 248215 248216 248217 248218 248219 248220 248221 248222 248223 251509 251511 251512 251513 251514 251515 251518 251519 251522 251524
Blocks:
Reported: 2007-07-13 16:24 EDT by Josh Bressers
Modified: 2016-03-04 07:51 EST

Doc Type: Bug Fix
Last Closed: 2008-02-15 09:52:56 EST
Attachments
Proposed upstream fix (981 bytes, patch)
2007-07-13 16:25 EDT, Josh Bressers
Description Josh Bressers 2007-07-13 16:24:45 EDT
Maurycy Prodeus discovered an integer overflow flaw in the way xpdf processes
PDF files.  It's possible this flaw could be used to execute arbitrary code as
the user running the application using the xpdf source.
Comment 1 Josh Bressers 2007-07-13 16:25:28 EDT
Created attachment 159239
Proposed upstream fix
Comment 13 Mark J. Cox (Product Security) 2007-07-19 06:25:32 EDT
embargo moved by upstream to Jul 28
Comment 15 Mark J. Cox (Product Security) 2007-07-20 07:54:22 EDT
krh, these packages are affected (I verified them) because of the patch we
applied to fix CVE-2005-3193.  
Comment 23 Josh Bressers 2007-07-30 13:45:11 EDT
These issues should now be considered public.
Comment 30 Tomas Hoger 2007-08-09 11:19:23 EDT
KDE Security Advisory with patches for koffice and kdegraphics:

http://www.kde.org/info/security/advisory-20070730-1.txt
Comment 31 Fedora Update System 2008-02-08 03:17:22 EST
poppler-0.5.4-8.fc7 has been submitted as an update for Fedora 7
Comment 32 Fedora Update System 2008-02-13 00:19:43 EST
poppler-0.5.4-8.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 33 Fedora Update System 2008-02-13 10:00:37 EST
poppler-0.5.4-8.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 34 Fedora Update System 2008-02-13 10:09:40 EST
poppler-0.5.4-8.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
