Bug 345111 - (CVE-2007-5392) CVE-2007-5392 xpdf buffer overflow in DCTStream::reset()
CVE-2007-5392 xpdf buffer overflow in DCTStream::reset()
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
source=vendorsec,reported=20071022,pu...
: Security
Depends On: 356551 356561 356571 356581 356601 356611 356641 356651 356671 356681 356691 356701 356711 356721 356791 356811 356821 372461 372471 372481 372491 372501 372511 372521 372551 372561 372571 372581 372591 372601 372611 372651 372661 372671
Blocks:
  Show dependency treegraph
 
Reported: 2007-10-22 08:44 EDT by Tomas Hoger
Modified: 2008-02-15 10:03 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-02-15 10:03:31 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tomas Hoger 2007-10-22 08:44:36 EDT
Alin Rad Pop of the Secunia Research has discovered a vulnerability in
xpdf/Stream.cc code:

An integer overflow error exists within the "DCTStream::reset()"
method in xpdf/Stream.cc. This can be exploited to cause a heap-based
buffer overflow via a specially crafted PDF file.

Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
Comment 20 Josh Bressers 2007-11-07 11:27:17 EST
This is now public:
http://marc.info/?l=full-disclosure&m=119445179723160&w=2
Comment 21 Fedora Update System 2008-02-08 03:17:27 EST
poppler-0.5.4-8.fc7 has been submitted as an update for Fedora 7
Comment 22 Fedora Update System 2008-02-13 00:19:48 EST
poppler-0.5.4-8.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 23 Fedora Update System 2008-02-13 10:00:43 EST
poppler-0.5.4-8.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 24 Fedora Update System 2008-02-13 10:09:45 EST
poppler-0.5.4-8.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.