CVE-2007-3387 - Integer Overflow or Wraparound vulnerability in multiple products

CVSS 0.0 - NONE

  • Attack vector: UNKNOWN
  • Attack complexity: UNKNOWN
  • Privileges required: UNKNOWN
  • Confidentiality impact: UNKNOWN
  • Integrity impact: UNKNOWN
  • Availability impact: UNKNOWN

Summary

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

Vulnerable Configurations

Part         Description    Count
Application  Xpdfreader     1
Application  Apple          81
Application  Freedesktop    21
Application  Gpdf_Project   2
OS           Debian         2
OS           Canonical      3

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset, such as the size of a memory allocation or similar. The attacker would typically control the value of such a variable and try to get it out of range. For instance, if the integer in question is incremented past the maximum possible value, it may wrap to become a very small or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200710-20.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200710-20 (PDFKit, ImageKits: Buffer overflow) Maurycy Prodeus discovered an integer overflow vulnerability possibly leading to a stack-based buffer overflow in the XPDF code which PDFKit is based on. ImageKits also contains a copy of PDFKit. Impact : By enticing a user to view a specially crafted PDF file with a viewer based on ImageKits or PDFKit such as Gentoo
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27518
    published: 2007-10-19
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/27518
    title: GLSA-200710-20 : PDFKit, ImageKits: Buffer overflow
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200710-20.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27518);
      script_version("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:44");
    
      script_cve_id("CVE-2007-3387");
      script_xref(name:"GLSA", value:"200710-20");
    
      script_name(english:"GLSA-200710-20 : PDFKit, ImageKits: Buffer overflow");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200710-20
    (PDFKit, ImageKits: Buffer overflow)
    
        Maurycy Prodeus discovered an integer overflow vulnerability possibly
        leading to a stack-based buffer overflow in the XPDF code which PDFKit
        is based on. ImageKits also contains a copy of PDFKit.
      
    Impact :
    
        By enticing a user to view a specially crafted PDF file with a viewer
        based on ImageKits or PDFKit such as Gentoo's ViewPDF, a remote
        attacker could cause an overflow, potentially resulting in the
        execution of arbitrary code with the privileges of the user running the
        application.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200709-12"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200710-20"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "PDFKit and ImageKits are not maintained upstream, so the packages were
        masked in Portage. We recommend that users unmerge PDFKit and
        ImageKits:
        # emerge --unmerge gnustep-libs/pdfkit
        # emerge --unmerge gnustep-libs/imagekits
        As an alternative, users should upgrade their systems to use PopplerKit
        instead of PDFKit and Vindaloo instead of ViewPDF."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:imagekits");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:pdfkit");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/10/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"gnustep-libs/imagekits", unaffected:make_list(), vulnerable:make_list("le 0.6"))) flag++;
    if (qpkg_check(package:"gnustep-libs/pdfkit", unaffected:make_list(), vulnerable:make_list("le 0.9_pre062906"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "PDFKit / ImageKits");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-496-1.NASL
    description: Derek Noonburg discovered an integer overflow in the Xpdf function StreamPredictor::StreamPredictor(). By importing a specially crafted PDF file into KWord, this could be exploited to run arbitrary code with the user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 28098
    published: 2007-11-10
    reporter: Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/28098
    title: Ubuntu 6.06 LTS / 6.10 / 7.04 : koffice vulnerability (USN-496-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-496-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(28098);
      script_version("1.19");
      script_cvs_date("Date: 2019/08/02 13:33:01");
    
      script_cve_id("CVE-2007-3387");
      script_bugtraq_id(25124);
      script_xref(name:"USN", value:"496-1");
    
      script_name(english:"Ubuntu 6.06 LTS / 6.10 / 7.04 : koffice vulnerability (USN-496-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Derek Noonburg discovered an integer overflow in the Xpdf function
    StreamPredictor::StreamPredictor(). By importing a specially crafted
    PDF file into KWord, this could be exploited to run arbitrary code
    with the user's privileges.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/496-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:karbon");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kchart");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kexi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kformula");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kivio");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kivio-data");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:koffice");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:koffice-data");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:koffice-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:koffice-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:koffice-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:koffice-doc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:koffice-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:koshell");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kplato");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kpresenter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kpresenter-data");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krita");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:krita-data");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kspread");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kthesaurus");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kugar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kword");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kword-data");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/08/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(6\.06|6\.10|7\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 6.10 / 7.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"6.06", pkgname:"karbon", pkgver:"1.5.0-0ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kchart", pkgver:"1.5.0-0ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kexi", pkgver:"1.5.0-0ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kformula", pkgver:"1.5.0-0ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kivio", pkgver:"1.5.0-0ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kivio-data", pkgver:"1.5.0-0ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"koffice", pkgver:"1.5.0-0ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"koffice-data", pkgver:"1.5.0-0ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"koffice-dbg", pkgver:"1.5.0-0ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"koffice-dev", pkgver:"1.5.0-0ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"koffice-doc", pkgver:"1.5.0-0ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"koffice-doc-html", pkgver:"1.5.0-0ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"koffice-libs", pkgver:"1.5.0-0ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"koshell", pkgver:"1.5.0-0ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kplato", pkgver:"1.5.0-0ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kpresenter", pkgver:"1.5.0-0ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kpresenter-data", pkgver:"1.5.0-0ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"krita", pkgver:"1.5.0-0ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"krita-data", pkgver:"1.5.0-0ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kspread", pkgver:"1.5.0-0ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kthesaurus", pkgver:"1.5.0-0ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kugar", pkgver:"1.5.0-0ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kword", pkgver:"1:1.5.0-0ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"kword-data", pkgver:"1.5.0-0ubuntu9.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"karbon", pkgver:"1.5.2-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kchart", pkgver:"1.5.2-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kexi", pkgver:"1.5.2-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kformula", pkgver:"1.5.2-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kivio", pkgver:"1.5.2-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kivio-data", pkgver:"1.5.2-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"koffice", pkgver:"1.5.2-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"koffice-data", pkgver:"1.5.2-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"koffice-dbg", pkgver:"1.5.2-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"koffice-dev", pkgver:"1.5.2-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"koffice-doc", pkgver:"1.5.2-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"koffice-doc-html", pkgver:"1.5.2-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"koffice-libs", pkgver:"1.5.2-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"koshell", pkgver:"1.5.2-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kplato", pkgver:"1.5.2-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kpresenter", pkgver:"1.5.2-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kpresenter-data", pkgver:"1.5.2-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"krita", pkgver:"1.5.2-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"krita-data", pkgver:"1.5.2-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kspread", pkgver:"1.5.2-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kthesaurus", pkgver:"1.5.2-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kugar", pkgver:"1.5.2-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kword", pkgver:"1:1.5.2-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"kword-data", pkgver:"1.5.2-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"karbon", pkgver:"1.6.2-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kchart", pkgver:"1.6.2-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kexi", pkgver:"1.6.2-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kformula", pkgver:"1.6.2-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kivio", pkgver:"1.6.2-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kivio-data", pkgver:"1.6.2-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"koffice", pkgver:"1.6.2-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"koffice-data", pkgver:"1.6.2-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"koffice-dbg", pkgver:"1.6.2-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"koffice-dev", pkgver:"1.6.2-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"koffice-doc", pkgver:"1.6.2-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"koffice-doc-html", pkgver:"1.6.2-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"koffice-libs", pkgver:"1.6.2-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"koshell", pkgver:"1.6.2-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kplato", pkgver:"1.6.2-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kpresenter", pkgver:"1.6.2-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kpresenter-data", pkgver:"1.6.2-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"krita", pkgver:"1.6.2-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"krita-data", pkgver:"1.6.2-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kspread", pkgver:"1.6.2-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kthesaurus", pkgver:"1.6.2-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kugar", pkgver:"1.6.2-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kword", pkgver:"1:1.6.2-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"kword-data", pkgver:"1.6.2-0ubuntu1.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "karbon / kchart / kexi / kformula / kivio / kivio-data / koffice / etc");
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200709-17.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200709-17 (teTeX: Multiple buffer overflows) Mark Richters discovered a buffer overflow in the open_sty() function in file mkind.c. Other vulnerabilities have also been discovered in the same file but might not be exploitable (CVE-2007-0650). Tetex also includes vulnerable code from GD library (GLSA 200708-05), and from Xpdf (CVE-2007-3387). Impact : A remote attacker could entice a user to process a specially crafted PNG, GIF or PDF file, or to execute
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 26215
    published: 2007-10-03
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/26215
    title: GLSA-200709-17 : teTeX: Multiple buffer overflows
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2007-0720.NASL
    description: Updated CUPS packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Maurycy Prodeus discovered an integer overflow flaw in the way CUPS processes PDF files. An attacker could create a malicious PDF file that could potentially execute arbitrary code when printed. (CVE-2007-3387) All users of CUPS should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25812
    published: 2007-07-31
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/25812
    title: CentOS 3 / 4 / 5 : cups (CESA-2007:0720)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-669.NASL
    description: - Fri Aug 10 2007 Jindrich Novy <jnovy at redhat.com> 3.0-35 - backport upstream fix for xpdf integer overflow CVE-2007-3387 (#251515) - don
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25913
    published: 2007-08-21
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/25913
    title: Fedora Core 6 : tetex-3.0-35.fc6 (2007-669)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2007-162.NASL
    description: Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause kpdf to crash and possibly execute arbitrary code upon a user opening the file. This update provides packages which are patched to prevent these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25894
    published: 2007-08-15
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/25894
    title: Mandrake Linux Security Advisory : kdegraphics (MDKSA-2007:162)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1352.NASL
    description: It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. pdfkit.framework includes a copy of the xpdf code and required an update as well.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25860
    published: 2007-08-13
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/25860
    title: Debian DSA-1352-1 : pdfkit.framework - integer overflow
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2007-165.NASL
    description: Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause cups to crash and possibly execute arbitrary code upon a user opening the file. This update provides packages which are patched to prevent these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25923
    published: 2007-08-21
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/25923
    title: Mandrake Linux Security Advisory : cups (MDKSA-2007:165)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1348.NASL
    description: It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. poppler includes a copy of the xpdf code and required an update as well. The oldstable distribution (sarge) doesn
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25856
    published: 2007-08-13
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/25856
    title: Debian DSA-1348-1 : poppler - integer overflow
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20070730_CUPS_ON_SL5_X.NASL
    description: Maurycy Prodeus discovered an integer overflow flaw in the way CUPS processes PDF files. An attacker could create a malicious PDF file that could potentially execute arbitrary code when printed. (CVE-2007-3387)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60232
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60232
    title: Scientific Linux Security Update : cups on SL5.x, SL4.x, SL3.x i386/x86_64
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2007-160.NASL
    description: Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause pdftohtml to crash and possibly execute arbitrary code upon a user opening the file. This update provides packages which are patched to prevent these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25892
    published: 2007-08-15
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/25892
    title: Mandrake Linux Security Advisory : pdftohtml (MDKSA-2007:160)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2007-0731.NASL
    description: Updated tetex packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input and creates a typesetter-independent .dvi (DeVice Independent) file as output. Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause TeTeX to crash or potentially execute arbitrary code when opened. (CVE-2007-3387) All users of TeTeX should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25832
    published: 2007-08-02
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/25832
    title: CentOS 3 / 4 / 5 : tetex (CESA-2007:0731)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2007-0732.NASL
    description: From Red Hat Security Advisory 2007:0732 : Updated poppler packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Poppler is a PDF rendering library, used by applications such as evince. Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause an application linked with poppler to crash or potentially execute arbitrary code when opened. (CVE-2007-3387) All users of poppler should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67552
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67552
    title: Oracle Linux 5 : poppler (ELSA-2007-0732)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200710-08.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200710-08 (KOffice, KWord, KPDF, KDE Graphics Libraries: Stack-based buffer overflow) KPDF includes code from xpdf that is vulnerable to an integer overflow in the StreamPredictor::StreamPredictor() function. Impact : A remote attacker could entice a user to open a specially crafted PDF file in KWord or KPDF that would exploit the integer overflow to cause a stack-based buffer overflow in the StreamPredictor::getNextLine() function, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 26979
    published: 2007-10-12
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/26979
    title: GLSA-200710-08 : KOffice, KWord, KPDF, KDE Graphics Libraries: Stack-based buffer overflow
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2007-158.NASL
    description: Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause xpdf to crash and possibly execute arbitrary code upon a user opening the file. This update provides packages which are patched to prevent these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 25891
    published: 2007-08-15
    reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/25891
    title: Mandrake Linux Security Advisory : xpdf (MDKSA-2007:158)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1354.NASL
    descriptionIt was discovered that an integer overflow in xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. gpdf includes a copy of the xpdf code and requires an update as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id25887
    published2007-08-15
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25887
    titleDebian DSA-1354-1 : gpdf - integer overflow
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KDEGRAPHICS3-PDF-3972.NASL
    descriptionA buffer overflow in the xpdf code contained in kpdf could be exploited by attackers to potentially execute arbitrary code (CVE-2007-3387).
    last seen2020-06-01
    modified2020-06-02
    plugin id27288
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27288
    titleopenSUSE 10 Security Update : kdegraphics3-pdf (kdegraphics3-pdf-3972)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1347.NASL
    descriptionIt was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.
    last seen2020-06-01
    modified2020-06-02
    plugin id25855
    published2007-08-13
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25855
    titleDebian DSA-1347-1 : xpdf - integer overflow
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20070730_KDEGRAPHICS_ON_SL5_X.NASL
    descriptionMaurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash or potentially execute arbitrary code when opened. (CVE-2007-3387)
    last seen2020-06-01
    modified2020-06-02
    plugin id60234
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60234
    titleScientific Linux Security Update : kdegraphics on SL5.x, SL4.x i386/x86_64
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-1614.NASL
    descriptionThis is an update to address a stack-based buffer overflow vulnerability in kword
    last seen2020-06-01
    modified2020-06-02
    plugin id27724
    published2007-11-06
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27724
    titleFedora 7 : koffice-1.6.3-9.fc7 (2007-1614)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-1594.NASL
    descriptionThis is an update to address a vulnerability in kpdf, one that can cause a stack based buffer overflow. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27723
    published2007-11-06
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27723
    titleFedora 7 : kdegraphics-3.5.7-2.fc7 (2007-1594)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0735.NASL
    descriptionFrom Red Hat Security Advisory 2007:0735 : Updated xpdf packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System-based viewer for Portable Document Format (PDF) files. Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash or potentially execute arbitrary code when opened. (CVE-2007-3387) All users of Xpdf should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id67553
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67553
    titleOracle Linux 3 / 4 : xpdf (ELSA-2007-0735)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_POPPLER-3991.NASL
    descriptionA buffer overflow in the xpdf code contained in poppler could be exploited by attackers to potentially execute arbitrary code (CVE-2007-3387).
    last seen2020-06-01
    modified2020-06-02
    plugin id27399
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27399
    titleopenSUSE 10 Security Update : poppler (poppler-3991)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-685.NASL
    description
      - Wed Aug 29 2007 Than Ngo <than at redhat.com> - 7:3.5.7-1.fc6.1
          - resolves bz#251511, CVE-2007-3387 kpdf integer overflow
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25978
    published2007-09-05
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25978
    titleFedora Core 6 : kdegraphics-3.5.7-1.fc6.1 (2007-685)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-496-2.NASL
    descriptionUSN-496-1 fixed a vulnerability in koffice. This update provides the corresponding updates for poppler, the library used for PDF handling in Gnome. Derek Noonburg discovered an integer overflow in the Xpdf function StreamPredictor::StreamPredictor(). By importing a specially crafted PDF file into KWord, this could be exploited to run arbitrary code with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id28099
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28099
    titleUbuntu 6.06 LTS / 6.10 / 7.04 : poppler vulnerability (USN-496-2)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0731.NASL
    descriptionUpdated tetex packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input and creates a typesetter-independent .dvi (DeVice Independent) file as output. Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause TeTeX to crash or potentially execute arbitrary code when opened. (CVE-2007-3387) All users of TeTeX should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id25829
    published2007-08-01
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25829
    titleRHEL 2.1 / 3 / 4 / 5 : tetex (RHSA-2007:0731)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-163.NASL
    descriptionMaurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause koffice to crash and possibly execute arbitrary code upon a user opening the file. This update provides packages which are patched to prevent these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25895
    published2007-08-15
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25895
    titleMandrake Linux Security Advisory : koffice (MDKSA-2007:163)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0730.NASL
    descriptionFrom Red Hat Security Advisory 2007:0730 : Updated kdegraphics packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. gpdf is a GNOME based viewer for Portable Document Format (PDF) files. Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause gpdf to crash or potentially execute arbitrary code when opened. (CVE-2007-3387) All users of gpdf should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id67550
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67550
    titleOracle Linux 4 : gpdf (ELSA-2007-0730)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-161.NASL
    descriptionMaurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause poppler to crash and possibly execute arbitrary code upon a user opening the file. This update provides packages which are patched to prevent these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25893
    published2007-08-15
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25893
    titleMandrake Linux Security Advisory : poppler (MDKSA-2007:161)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-1541.NASL
    descriptionThis update fixes a security problem concerning PDF handling. It also fixes printing speed with USB printers, and includes a fix for the LSPP support. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27720
    published2007-11-06
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27720
    titleFedora 7 : cups-1.2.12-4.fc7 (2007-1541)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0720.NASL
    descriptionFrom Red Hat Security Advisory 2007:0720 : Updated CUPS packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Maurycy Prodeus discovered an integer overflow flaw in the way CUPS processes PDF files. An attacker could create a malicious PDF file that could potentially execute arbitrary code when printed. (CVE-2007-3387) All users of CUPS should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id67544
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67544
    titleOracle Linux 3 / 4 / 5 : cups (ELSA-2007-0720)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0730.NASL
    descriptionUpdated kdegraphics packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. gpdf is a GNOME based viewer for Portable Document Format (PDF) files. Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause gpdf to crash or potentially execute arbitrary code when opened. (CVE-2007-3387) All users of gpdf should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id25817
    published2007-07-31
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25817
    titleRHEL 4 : gpdf (RHSA-2007:0730)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1350.NASL
    descriptionIt was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. tetex-bin includes a copy of the xpdf code and required an update as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id25858
    published2007-08-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25858
    titleDebian DSA-1350-1 : tetex-bin - integer overflow
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KDEGRAPHICS3-PDF-3968.NASL
    descriptionA buffer overflow in the xpdf code contained in kpdf could be exploited by attackers to potentially execute arbitrary code. (CVE-2007-3387)
    last seen2020-06-01
    modified2020-06-02
    plugin id29480
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29480
    titleSuSE 10 Security Update : kdegraphics3-pdf (ZYPP Patch Number 3968)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_CUPS-4044.NASL
    descriptionA buffer overflow in the xpdf code contained in cups could be exploited by attackers to potentially execute arbitrary code (CVE-2007-3387).
    last seen2020-06-01
    modified2020-06-02
    plugin id27194
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27194
    titleopenSUSE 10 Security Update : cups (cups-4044)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0732.NASL
    descriptionUpdated poppler packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Poppler is a PDF rendering library, used by applications such as evince. Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause an application linked with poppler to crash or potentially execute arbitrary code when opened. (CVE-2007-3387) All users of poppler should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id25818
    published2007-07-31
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25818
    titleRHEL 5 : poppler (RHSA-2007:0732)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-0729.NASL
    descriptionUpdated kdegraphics packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment including kpdf, a PDF file viewer. Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash or potentially execute arbitrary code when opened. (CVE-2007-3387) All users of kdegraphics should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id37749
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37749
    titleCentOS 4 / 5 : kdegraphics (CESA-2007:0729)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-0732.NASL
    descriptionUpdated poppler packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Poppler is a PDF rendering library, used by applications such as evince. Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause an application linked with poppler to crash or potentially execute arbitrary code when opened. (CVE-2007-3387) All users of poppler should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id43649
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43649
    titleCentOS 5 : poppler (CESA-2007:0732)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20070730_XPDF_ON_SL4_X.NASL
    descriptionMaurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash or potentially execute arbitrary code when opened. (CVE-2007-3387)
    last seen2020-06-01
    modified2020-06-02
    plugin id60236
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60236
    titleScientific Linux Security Update : xpdf on SL4.x, SL3.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_PDFTOHTML-3989.NASL
    descriptionA buffer overflow in the xpdf code contained in pdftohtml could be exploited by attackers to potentially execute arbitrary code (CVE-2007-3387).
    last seen2020-06-01
    modified2020-06-02
    plugin id27384
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27384
    titleopenSUSE 10 Security Update : pdftohtml (pdftohtml-3989)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0729.NASL
    descriptionUpdated kdegraphics packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment including kpdf, a PDF file viewer. Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash or potentially execute arbitrary code when opened. (CVE-2007-3387) All users of kdegraphics should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id25816
    published2007-07-31
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25816
    titleRHEL 4 / 5 : kdegraphics (RHSA-2007:0729)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XPDF-3969.NASL
    descriptionA buffer overflow in xpdf could be exploited by attackers to potentially execute arbitrary code. (CVE-2007-3387)
    last seen2020-06-01
    modified2020-06-02
    plugin id29608
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29608
    titleSuSE 10 Security Update : xpdf (ZYPP Patch Number 3969)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0729.NASL
    descriptionFrom Red Hat Security Advisory 2007:0729 : Updated kdegraphics packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment including kpdf, a PDF file viewer. Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash or potentially execute arbitrary code when opened. (CVE-2007-3387) All users of kdegraphics should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id67549
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67549
    titleOracle Linux 4 : kdegraphics (ELSA-2007-0729)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20070730_POPPLER_ON_SL5_X.NASL
    descriptionMaurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause an application linked with poppler to crash or potentially execute arbitrary code when opened. (CVE-2007-3387)
    last seen2020-06-01
    modified2020-06-02
    plugin id60235
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60235
    titleScientific Linux Security Update : poppler on SL5.x i386/x86_64
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_0E43A14D3F3F11DCA79A0016179B2DD5.NASL
    descriptionThe KDE Team reports : kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that can cause a stack based buffer overflow via a PDF file that exploits an integer overflow in StreamPredictor::StreamPredictor(). Remotely supplied pdf files can be used to disrupt the kpdf viewer on the client machine and possibly execute arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id25827
    published2007-08-01
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25827
    titleFreeBSD : xpdf -- stack based buffer overflow (0e43a14d-3f3f-11dc-a79a-0016179b2dd5)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-3449.NASL
    description
      - Fri May 9 2008 Tim Waugh <twaugh at redhat.com> 1:1.2.12-11
          - Applied patch to fix CVE-2008-1722 (integer overflow in image filter, bug #441692, STR #2790).
      - Tue Apr 1 2008 Tim Waugh <twaugh at redhat.com> 1:1.2.12-10
          - Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303).
          - Applied patch to fix CVE-2008-0053 (HP-GL/2 input processing, bug #438117).
          - Applied patch to prevent heap-based buffer overflow in CUPS helper program (bug #436153, CVE-2008-0047, STR #2729).
      - Fri Feb 22 2008 Tim Waugh <twaugh at redhat.com> 1:1.2.12-9
          - Prevent double-free when a browsed class has the same name as a printer or vice versa (CVE-2008-0882, bug #433758, STR #2656).
      - Mon Nov 12 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-8
          - Fixed CVE-2007-4045 patch; has no effect with shipped packages since they are linked with gnutls.
          - LSPP fixes (cupsdSetString/ClearString).
      - Wed Nov 7 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-7
          - Applied patch to fix CVE-2007-4045 (bug #250161).
          - Applied patch to fix CVE-2007-4352, CVE-2007-5392 and CVE-2007-5393 (bug #345101).
      - Thu Nov 1 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-6
          - Applied patch to fix CVE-2007-4351 (STR #2561, bug #361661).
      - Wed Oct 10 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-5
          - Use ppdev for parallel port Device ID retrieval (bug #311671).
      - Thu Aug 9 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-4
          - Applied patch to fix CVE-2007-3387 (bug #251518).
      - Tue Jul 31 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-3
          - Better buildroot tag.
          - Moved LSPP access check and security attributes check in add_job() to before allocation of the job structure (bug #231522).
      - Mon Jul 23 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-2
          - Use kernel support for USB paper-out detection, when available (bug #249213).
      - Fri Jul 13 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-1
          - 1.2.12. No longer need adminutil or str2408 patches.
      - Wed Jul 4 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-3
          - Better paper-out detection patch still (bug #246222).
      - Fri Jun 29 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-2
          - Applied patch to fix group handling in PPDs (bug #186231, STR #2408).
      - Wed Jun 27 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-1
          - Fixed permissions on classes.conf in the file manifest (bug #245748).
          - 1.2.11.
      - Tue Jun 12 2007 Tim Waugh <twaugh at redhat.com>
          - Make the initscript use start priority 56 (bug #213828).
      - Mon Jun 11 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.10-12
          - Better paper-out detection patch (bug #241589).
      - Mon May 21 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.10-11
          - Fixed _cupsAdminSetServerSettings() sharing/shared handling (bug #238057).
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id32197
    published2008-05-11
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/32197
    titleFedora 7 : cups-1.2.12-11.fc7 (2008-3449)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2007-222-02.NASL
    descriptionA new poppler package is available for Slackware 12.0 to fix an integer overflow.
    last seen2020-06-01
    modified2020-06-02
    plugin id25845
    published2007-08-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25845
    titleSlackware 12.0 : poppler (SSA:2007-222-02)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBEXTRACTOR-4041.NASL
    descriptionA buffer overflow in the libextractor code contained in kpdf could be exploited by attackers to potentially execute arbitrary code (CVE-2007-3387).
    last seen2020-06-01
    modified2020-06-02
    plugin id27323
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27323
    titleopenSUSE 10 Security Update : libextractor (libextractor-4041)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20070730_GPDF_ON_SL4_X.NASL
    descriptionMaurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause gpdf to crash or potentially execute arbitrary code when opened. (CVE-2007-3387)
    last seen2020-06-01
    modified2020-06-02
    plugin id60233
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60233
    titleScientific Linux Security Update : gpdf on SL4.x i386/x86_64
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1349.NASL
    descriptionIt was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. libextractor includes a copy of the xpdf code and required an update as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id25857
    published2007-08-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25857
    titleDebian DSA-1349-1 : libextractor - integer overflow
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1355.NASL
    descriptionIt was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. kpdf includes a copy of the xpdf code and required an update as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id25936
    published2007-08-28
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25936
    titleDebian DSA-1355-1 : kdegraphics - integer overflow
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20070801_TETEX_ON_SL5_X.NASL
    descriptionMaurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause TeTeX to crash or potentially execute arbitrary code when opened. (CVE-2007-3387)
    last seen2020-06-01
    modified2020-06-02
    plugin id60238
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60238
    titleScientific Linux Security Update : tetex on SL5.x, SL4.x, SL3.x i386/x86_64
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-0730.NASL
    descriptionUpdated kdegraphics packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. gpdf is a GNOME based viewer for Portable Document Format (PDF) files. Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause gpdf to crash or potentially execute arbitrary code when opened. (CVE-2007-3387) All users of gpdf should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id36643
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36643
    titleCentOS 4 : gpdf (CESA-2007:0730)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XPDF-3974.NASL
    descriptionA buffer overflow in xpdf could be exploited by attackers to potentially execute arbitrary code (CVE-2007-3387).
    last seen2020-06-01
    modified2020-06-02
    plugin id27498
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27498
    titleopenSUSE 10 Security Update : xpdf (xpdf-3974)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0735.NASL
    descriptionUpdated xpdf packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System-based viewer for Portable Document Format (PDF) files. Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash or potentially execute arbitrary code when opened. (CVE-2007-3387) All users of Xpdf should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id25819
    published2007-07-31
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25819
    titleRHEL 2.1 / 3 / 4 : xpdf (RHSA-2007:0735)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-0735.NASL
    descriptionUpdated xpdf packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System-based viewer for Portable Document Format (PDF) files. Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash or potentially execute arbitrary code when opened. (CVE-2007-3387) All users of Xpdf should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id25813
    published2007-07-31
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25813
    titleCentOS 3 / 4 : xpdf (CESA-2007:0735)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200709-12.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200709-12 (Poppler: Two buffer overflow vulnerabilities) Poppler and Xpdf are vulnerable to an integer overflow in the StreamPredictor::StreamPredictor function, and a stack overflow in the StreamPredictor::getNextLine function. The original vulnerability was discovered by Maurycy Prodeus. Note: Gentoo
    last seen2020-06-01
    modified2020-06-02
    plugin id26102
    published2007-09-24
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/26102
    titleGLSA-200709-12 : Poppler: Two buffer overflow vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0731.NASL
    descriptionFrom Red Hat Security Advisory 2007:0731 : Updated tetex packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input and creates a typesetter-independent .dvi (DeVice Independent) file as output. Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause TeTeX to crash or potentially execute arbitrary code when opened. (CVE-2007-3387) All users of TeTeX should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id67551
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67551
    titleOracle Linux 3 / 4 / 5 : tetex (ELSA-2007-0731)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_POPPLER-3992.NASL
    descriptionA buffer overflow in the xpdf code contained in poppler could be exploited by attackers to potentially execute arbitrary code. (CVE-2007-3387)
    last seen2020-06-01
    modified2020-06-02
    plugin id29554
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29554
    titleSuSE 10 Security Update : poppler,poppler-devel (ZYPP Patch Number 3992)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2007-222-05.NASL
    descriptionNew xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0, and 12.0 to fix an integer overflow.
    last seen2020-06-01
    modified2020-06-02
    plugin id25848
    published2007-08-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25848
    titleSlackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 9.1 : xpdf (SSA:2007-222-05)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-164.NASL
    descriptionMaurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause tetex to crash and possibly execute arbitrary code upon a user opening the file. In addition, tetex contains an embedded copy of the GD library which suffers from a number of bugs which potentially lead to denial of service and possibly other issues. Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified remote attack vectors and impact. (CVE-2007-3472) The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. (CVE-2007-3473) Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact. (CVE-2007-3474) The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. (CVE-2007-3475) Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. (CVE-2007-3476) The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. (CVE-2007-3477) Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support. (CVE-2007-3478) Updated packages have been patched to prevent these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25896
    published2007-08-15
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25896
    titleMandrake Linux Security Advisory : tetex (MDKSA-2007:164)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-1547.NASL
    description - Fri Aug 10 2007 Jindrich Novy <jnovy at redhat.com> 3.0-40.1 - backport upstream fix for xpdf integer overflow CVE-2007-3387 (#251514) - don
    last seen2020-06-01
    modified2020-06-02
    plugin id27721
    published2007-11-06
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27721
    titleFedora 7 : tetex-3.0-40.1.fc7 (2007-1547)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_CUPS-4043.NASL
    descriptionA buffer overflow in the xpdf code contained in cups could be exploited by attackers to potentially execute arbitrary code. (CVE-2007-3387)
    last seen2020-06-01
    modified2020-06-02
    plugin id29412
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29412
    titleSuSE 10 Security Update : cups (ZYPP Patch Number 4043)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1357.NASL
    descriptionIt was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. koffice includes a copy of the xpdf code and required an update as well. The oldstable distribution (sarge) will be fixed later.
    last seen2020-06-01
    modified2020-06-02
    plugin id25937
    published2007-08-28
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25937
    titleDebian DSA-1357-1 : koffice - integer overflow
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0720.NASL
    descriptionUpdated CUPS packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Maurycy Prodeus discovered an integer overflow flaw in the way CUPS processes PDF files. An attacker could create a malicious PDF file that could potentially execute arbitrary code when printed. (CVE-2007-3387) All users of CUPS should upgrade to these updated packages, which contain a backported patch to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id25815
    published2007-07-31
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25815
    titleRHEL 3 / 4 / 5 : cups (RHSA-2007:0720)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2007-316-01.NASL
    descriptionNew xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current. New poppler packages are available for Slackware 12.0 and -current. New koffice packages are available for Slackware 11.0, 12.0, and -current. New kdegraphics packages are available for Slackware 10.2, 11.0, 12.0, and -current. These updated packages address similar bugs which could be used to crash applications linked with poppler or that use code from xpdf through the use of a malformed PDF document. It is possible that a maliciously crafted document could cause code to be executed in the context of the user running the application processing the PDF. These advisories and CVE entries cover the bugs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393 http://www.kde.org/info/security/advisory-20071107-1.txt
    last seen2020-06-01
    modified2020-06-02
    plugin id28149
    published2007-11-12
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28149
    titleSlackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 9.1 / current : xpdf/poppler/koffice/kdegraphics (SSA:2007-316-01)

Oval

accepted2013-04-29T04:11:52.378-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionInteger overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
familyunix
idoval:org.mitre.oval:def:11149
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleInteger overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
version27

Redhat

advisories
  • bugzilla
    id248194
    titleCVE-2007-3387 xpdf integer overflow
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commentcups is earlier than 1:1.1.22-0.rc1.9.20.2
            ovaloval:com.redhat.rhsa:tst:20070720001
          • commentcups is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060163006
        • AND
          • commentcups-libs is earlier than 1:1.1.22-0.rc1.9.20.2
            ovaloval:com.redhat.rhsa:tst:20070720003
          • commentcups-libs is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060163004
        • AND
          • commentcups-devel is earlier than 1:1.1.22-0.rc1.9.20.2
            ovaloval:com.redhat.rhsa:tst:20070720005
          • commentcups-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060163002
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentcups-libs is earlier than 1:1.2.4-11.5.3.el5
            ovaloval:com.redhat.rhsa:tst:20070720008
          • commentcups-libs is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070123013
        • AND
          • commentcups-lpd is earlier than 1:1.2.4-11.5.3.el5
            ovaloval:com.redhat.rhsa:tst:20070720010
          • commentcups-lpd is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070123015
        • AND
          • commentcups is earlier than 1:1.2.4-11.5.3.el5
            ovaloval:com.redhat.rhsa:tst:20070720012
          • commentcups is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070123009
        • AND
          • commentcups-devel is earlier than 1:1.2.4-11.5.3.el5
            ovaloval:com.redhat.rhsa:tst:20070720014
          • commentcups-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070123011
    rhsa
    idRHSA-2007:0720
    released2008-01-07
    severityImportant
    titleRHSA-2007:0720: cups security update (Important)
  • bugzilla
    id248194
    titleCVE-2007-3387 xpdf integer overflow
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commentkdegraphics is earlier than 7:3.3.1-4.RHEL4
            ovaloval:com.redhat.rhsa:tst:20070729001
          • commentkdegraphics is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060206004
        • AND
          • commentkdegraphics-devel is earlier than 7:3.3.1-4.RHEL4
            ovaloval:com.redhat.rhsa:tst:20070729003
          • commentkdegraphics-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060206002
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentkdegraphics-devel is earlier than 7:3.5.4-2.el5
            ovaloval:com.redhat.rhsa:tst:20070729006
          • commentkdegraphics-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070729007
        • AND
          • commentkdegraphics is earlier than 7:3.5.4-2.el5
            ovaloval:com.redhat.rhsa:tst:20070729008
          • commentkdegraphics is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070729009
    rhsa
    idRHSA-2007:0729
    released2008-01-07
    severityImportant
    titleRHSA-2007:0729: kdegraphics security update (Important)
  • bugzilla
    id248194
    titleCVE-2007-3387 xpdf integer overflow
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • commentgpdf is earlier than 0:2.8.2-7.7
        ovaloval:com.redhat.rhsa:tst:20070730001
      • commentgpdf is signed with Red Hat master key
        ovaloval:com.redhat.rhsa:tst:20060177002
    rhsa
    idRHSA-2007:0730
    released2008-01-07
    severityImportant
    titleRHSA-2007:0730: gpdf security update (Important)
  • bugzilla
    id248194
    titleCVE-2007-3387 xpdf integer overflow
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commenttetex-afm is earlier than 0:2.0.2-22.0.1.EL4.8
            ovaloval:com.redhat.rhsa:tst:20070731001
          • commenttetex-afm is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060160010
        • AND
          • commenttetex-xdvi is earlier than 0:2.0.2-22.0.1.EL4.8
            ovaloval:com.redhat.rhsa:tst:20070731003
          • commenttetex-xdvi is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060160012
        • AND
          • commenttetex-doc is earlier than 0:2.0.2-22.0.1.EL4.8
            ovaloval:com.redhat.rhsa:tst:20070731005
          • commenttetex-doc is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060160004
        • AND
          • commenttetex is earlier than 0:2.0.2-22.0.1.EL4.8
            ovaloval:com.redhat.rhsa:tst:20070731007
          • commenttetex is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060160002
        • AND
          • commenttetex-fonts is earlier than 0:2.0.2-22.0.1.EL4.8
            ovaloval:com.redhat.rhsa:tst:20070731009
          • commenttetex-fonts is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060160014
        • AND
          • commenttetex-latex is earlier than 0:2.0.2-22.0.1.EL4.8
            ovaloval:com.redhat.rhsa:tst:20070731011
          • commenttetex-latex is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060160006
        • AND
          • commenttetex-dvips is earlier than 0:2.0.2-22.0.1.EL4.8
            ovaloval:com.redhat.rhsa:tst:20070731013
          • commenttetex-dvips is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060160008
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commenttetex-dvips is earlier than 0:3.0-33.1.el5
            ovaloval:com.redhat.rhsa:tst:20070731016
          • commenttetex-dvips is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070731017
        • AND
          • commenttetex-latex is earlier than 0:3.0-33.1.el5
            ovaloval:com.redhat.rhsa:tst:20070731018
          • commenttetex-latex is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070731019
        • AND
          • commenttetex-afm is earlier than 0:3.0-33.1.el5
            ovaloval:com.redhat.rhsa:tst:20070731020
          • commenttetex-afm is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070731021
        • AND
          • commenttetex-fonts is earlier than 0:3.0-33.1.el5
            ovaloval:com.redhat.rhsa:tst:20070731022
          • commenttetex-fonts is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070731023
        • AND
          • commenttetex is earlier than 0:3.0-33.1.el5
            ovaloval:com.redhat.rhsa:tst:20070731024
          • commenttetex is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070731025
        • AND
          • commenttetex-doc is earlier than 0:3.0-33.1.el5
            ovaloval:com.redhat.rhsa:tst:20070731026
          • commenttetex-doc is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070731027
        • AND
          • commenttetex-xdvi is earlier than 0:3.0-33.1.el5
            ovaloval:com.redhat.rhsa:tst:20070731028
          • commenttetex-xdvi is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070731029
    rhsa
    idRHSA-2007:0731
    released2007-08-01
    severityImportant
    titleRHSA-2007:0731: tetex security update (Important)
  • bugzilla
    id248194
    titleCVE-2007-3387 xpdf integer overflow
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentpoppler-devel is earlier than 0:0.5.4-4.1.el5
            ovaloval:com.redhat.rhsa:tst:20070732001
          • commentpoppler-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070732002
        • AND
          • commentpoppler is earlier than 0:0.5.4-4.1.el5
            ovaloval:com.redhat.rhsa:tst:20070732003
          • commentpoppler is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070732004
        • AND
          • commentpoppler-utils is earlier than 0:0.5.4-4.1.el5
            ovaloval:com.redhat.rhsa:tst:20070732005
          • commentpoppler-utils is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070732006
    rhsa
    idRHSA-2007:0732
    released2007-07-30
    severityImportant
    titleRHSA-2007:0732: poppler security update (Important)
  • bugzilla
    id248194
    titleCVE-2007-3387 xpdf integer overflow
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • commentxpdf is earlier than 1:3.00-12.RHEL4
        ovaloval:com.redhat.rhsa:tst:20070735001
      • commentxpdf is signed with Red Hat master key
        ovaloval:com.redhat.rhsa:tst:20060201002
    rhsa
    idRHSA-2007:0735
    released2008-01-07
    severityImportant
    titleRHSA-2007:0735: xpdf security update (Important)
rpms
  • cups-1:1.1.17-13.3.45
  • cups-1:1.1.22-0.rc1.9.20.2
  • cups-1:1.2.4-11.5.3.el5
  • cups-debuginfo-1:1.1.17-13.3.45
  • cups-debuginfo-1:1.1.22-0.rc1.9.20.2
  • cups-debuginfo-1:1.2.4-11.5.3.el5
  • cups-devel-1:1.1.17-13.3.45
  • cups-devel-1:1.1.22-0.rc1.9.20.2
  • cups-devel-1:1.2.4-11.5.3.el5
  • cups-libs-1:1.1.17-13.3.45
  • cups-libs-1:1.1.22-0.rc1.9.20.2
  • cups-libs-1:1.2.4-11.5.3.el5
  • cups-lpd-1:1.2.4-11.5.3.el5
  • kdegraphics-7:3.3.1-4.RHEL4
  • kdegraphics-7:3.5.4-2.el5
  • kdegraphics-debuginfo-7:3.3.1-4.RHEL4
  • kdegraphics-debuginfo-7:3.5.4-2.el5
  • kdegraphics-devel-7:3.3.1-4.RHEL4
  • kdegraphics-devel-7:3.5.4-2.el5
  • gpdf-0:2.8.2-7.7
  • gpdf-debuginfo-0:2.8.2-7.7
  • tetex-0:1.0.7-38.5E.11
  • tetex-0:1.0.7-67.10
  • tetex-0:2.0.2-22.0.1.EL4.8
  • tetex-0:3.0-33.1.el5
  • tetex-afm-0:1.0.7-38.5E.11
  • tetex-afm-0:1.0.7-67.10
  • tetex-afm-0:2.0.2-22.0.1.EL4.8
  • tetex-afm-0:3.0-33.1.el5
  • tetex-debuginfo-0:1.0.7-67.10
  • tetex-debuginfo-0:2.0.2-22.0.1.EL4.8
  • tetex-debuginfo-0:3.0-33.1.el5
  • tetex-doc-0:1.0.7-38.5E.11
  • tetex-doc-0:2.0.2-22.0.1.EL4.8
  • tetex-doc-0:3.0-33.1.el5
  • tetex-dvilj-0:1.0.7-38.5E.11
  • tetex-dvips-0:1.0.7-38.5E.11
  • tetex-dvips-0:1.0.7-67.10
  • tetex-dvips-0:2.0.2-22.0.1.EL4.8
  • tetex-dvips-0:3.0-33.1.el5
  • tetex-fonts-0:1.0.7-38.5E.11
  • tetex-fonts-0:1.0.7-67.10
  • tetex-fonts-0:2.0.2-22.0.1.EL4.8
  • tetex-fonts-0:3.0-33.1.el5
  • tetex-latex-0:1.0.7-38.5E.11
  • tetex-latex-0:1.0.7-67.10
  • tetex-latex-0:2.0.2-22.0.1.EL4.8
  • tetex-latex-0:3.0-33.1.el5
  • tetex-xdvi-0:1.0.7-38.5E.11
  • tetex-xdvi-0:1.0.7-67.10
  • tetex-xdvi-0:2.0.2-22.0.1.EL4.8
  • tetex-xdvi-0:3.0-33.1.el5
  • poppler-0:0.5.4-4.1.el5
  • poppler-debuginfo-0:0.5.4-4.1.el5
  • poppler-devel-0:0.5.4-4.1.el5
  • poppler-utils-0:0.5.4-4.1.el5
  • xpdf-1:0.92-18.RHEL2
  • xpdf-1:2.02-10.RHEL3
  • xpdf-1:3.00-12.RHEL4
  • xpdf-debuginfo-1:2.02-10.RHEL3
  • xpdf-debuginfo-1:3.00-12.RHEL4

References