CVE-2007-5392 - Buffer Errors vulnerability in Xpdf 3.0.1Pl1
- Attack vector: NETWORK
- Attack complexity: MEDIUM
- Privileges required: NONE
- Confidentiality impact: COMPLETE
- Integrity impact: COMPLETE
- Availability impact: COMPLETE

Summary
Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables: This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers: Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow: This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow: In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion: An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2007-3100.NASL
- description: This update fixes several PDF handling security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 28162
- published: 2007-11-12
- reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/28162
- title: Fedora 7 : cups-1.2.12-7.fc7 (2007-3100)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2007-3100.
#

include("compat.inc");

if (description)
{
  script_id(28162);
  script_version ("1.18");
  script_cvs_date("Date: 2019/08/02 13:32:25");

  script_cve_id("CVE-2007-0720", "CVE-2007-4045", "CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393");
  script_bugtraq_id(25124, 26367);
  script_xref(name:"FEDORA", value:"2007-3100");

  script_name(english:"Fedora 7 : cups-1.2.12-7.fc7 (2007-3100)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update fixes several PDF handling security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=250161"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=345101"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2007-November/004642.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7e5ed0b0"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-lpd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/11/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC7", reference:"cups-1.2.12-7.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"cups-debuginfo-1.2.12-7.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"cups-devel-1.2.12-7.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"cups-libs-1.2.12-7.fc7")) flag++;
if (rpm_check(release:"FC7", reference:"cups-lpd-1.2.12-7.fc7")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-debuginfo / cups-devel / cups-libs / cups-lpd");
}
```
- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2007-750.NASL
- description: - fix dvips -z buffer overflow with long href (#368591) - fix insecure usage of temporary file in dviljk (#368611, #368641) - update License and BuildRoot tags - fix t1lib flaw CVE-2007-4033 (#352271) - fix CVE-2007-4352 CVE-2007-5392 CVE-2007-5393, various xpdf flaws (#345121) - xdvi won
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 28314
- published: 2007-11-26
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/28314
- title: Fedora Core 6 : tetex-3.0-36.fc6 (2007-750)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2007-750.
#

include("compat.inc");

if (description)
{
  script_id(28314);
  script_version ("1.13");
  script_cvs_date("Date: 2019/08/02 13:32:26");

  script_cve_id("CVE-2007-4033", "CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393");
  script_xref(name:"FEDORA", value:"2007-750");

  script_name(english:"Fedora Core 6 : tetex-3.0-36.fc6 (2007-750)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora Core host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
" - fix dvips -z buffer overflow with long href (#368591) - fix insecure usage of temporary file in dviljk (#368611, #368641) - update License and BuildRoot tags - fix t1lib flaw CVE-2007-4033 (#352271) - fix CVE-2007-4352 CVE-2007-5392 CVE-2007-5393, various xpdf flaws (#345121) - xdvi won't segfault if DVI file contains character which is not present in font (#243630) - enable compilation with ccache Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2007-November/005128.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?61fd12b0"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tetex");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tetex-afm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tetex-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tetex-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tetex-dvips");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tetex-fonts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tetex-latex");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tetex-xdvi");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:6");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/11/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/26");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 6.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC6", reference:"tetex-3.0-36.fc6")) flag++;
if (rpm_check(release:"FC6", reference:"tetex-afm-3.0-36.fc6")) flag++;
if (rpm_check(release:"FC6", reference:"tetex-debuginfo-3.0-36.fc6")) flag++;
if (rpm_check(release:"FC6", reference:"tetex-doc-3.0-36.fc6")) flag++;
if (rpm_check(release:"FC6", reference:"tetex-dvips-3.0-36.fc6")) flag++;
if (rpm_check(release:"FC6", reference:"tetex-fonts-3.0-36.fc6")) flag++;
if (rpm_check(release:"FC6", reference:"tetex-latex-3.0-36.fc6")) flag++;
if (rpm_check(release:"FC6", reference:"tetex-xdvi-3.0-36.fc6")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tetex / tetex-afm / tetex-debuginfo / tetex-doc / tetex-dvips / etc");
}
```
- NASL family: Oracle Linux Local Security Checks
- NASL id: ORACLELINUX_ELSA-2007-1029.NASL
- description: From Red Hat Security Advisory 2007:1029 : Updated xpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 67606
- published: 2013-07-12
- reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/67606
- title: Oracle Linux 4 : xpdf (ELSA-2007-1029)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2007:1029 and
# Oracle Linux Security Advisory ELSA-2007-1029 respectively.
#

include("compat.inc");

if (description)
{
  script_id(67606);
  script_version("1.8");
  script_cvs_date("Date: 2019/10/25 13:36:07");

  script_cve_id("CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393");
  script_bugtraq_id(26367);
  script_xref(name:"RHSA", value:"2007:1029");

  script_name(english:"Oracle Linux 4 : xpdf (ELSA-2007-1029)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Oracle Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"From Red Hat Security Advisory 2007:1029 : Updated xpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2007-November/000387.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected xpdf package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:xpdf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/11/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/11/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL4", cpu:"i386", reference:"xpdf-3.00-14.el4")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"xpdf-3.00-14.el4")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xpdf");
}
```
- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2007-1025.NASL
- description: Updated gpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. gpdf is a GNOME-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause gpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 37484
- published: 2009-04-23
- reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/37484
- title: RHEL 4 : gpdf (RHSA-2007:1025)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2007:1025. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(37484);
  script_version ("1.23");
  script_cvs_date("Date: 2019/10/25 13:36:13");

  script_cve_id("CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393");
  script_bugtraq_id(26367);
  script_xref(name:"RHSA", value:"2007:1025");

  script_name(english:"RHEL 4 : gpdf (RHSA-2007:1025)");
  script_summary(english:"Checks the rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated gpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. gpdf is a GNOME-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause gpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2007-4352"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2007-5392"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2007-5393"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2007:1025"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected gpdf package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gpdf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/11/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/11/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2007:1025";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_HOLE,
      extra    : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL4", reference:"gpdf-2.8.2-7.7.1")) flag++;

  if (flag)
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_HOLE,
      extra    : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gpdf");
  }
}
```
NASL family SuSE Local Security Checks NASL id SUSE_CUPS-4668.NASL description A buffer overflow in the xpdf code contained in cups could be exploited by attackers to potentially execute arbitrary code (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393). last seen 2020-06-01 modified 2020-06-02 plugin id 28203 published 2007-11-14 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28203 title openSUSE 10 Security Update : cups (cups-4668) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200711-22.NASL description The remote host is affected by the vulnerability described in GLSA-200711-22 (Poppler, KDE: User-assisted execution of arbitrary code) Alin Rad Pop (Secunia Research) discovered several vulnerabilities in the last seen 2020-06-01 modified 2020-06-02 plugin id 28261 published 2007-11-20 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28261 title GLSA-200711-22 : Poppler, KDE: User-assisted execution of arbitrary code NASL family Scientific Linux Local Security Checks NASL id SL_20071107_CUPS_ON_SL5_X.NASL description Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) last seen 2020-06-01 modified 2020-06-02 plugin id 60287 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60287 title Scientific Linux Security Update : cups on SL5.x, SL4.x, SL3.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_POPPLER-4630.NASL description A buffer overflow in the xpdf code contained in poppler could be exploited by attackers to potentially execute arbitrary code. 
(CVE-2007-4352 / CVE-2007-5392 / CVE-2007-5393) last seen 2020-06-01 modified 2020-06-02 plugin id 29555 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29555 title SuSE 10 Security Update : poppler (ZYPP Patch Number 4630) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-230.NASL description A flaw in the t1lib library where an attacker could create a malicious file that would cause tetex to crash or possibly execute arbitrary code when opened (CVE-2007-4033). Alin Rad Pop found several flaws in how PDF files are handled in tetex. An attacker could create a malicious PDF file that would cause tetex to crash or potentially execute arbitrary code when opened (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393). A stack-based buffer overflow in dvips in tetex allows for user-assisted attackers to execute arbitrary code via a DVI file with a long href tag (CVE-2007-5935). A vulnerability in dvips in tetex allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place (CVE-2007-5936). Multiple buffer overflows in dviljk in tetext may allow users-assisted attackers to execute arbitrary code via a crafted DVI input file (CVE-2007-5937). The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 28324 published 2007-11-26 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28324 title Mandrake Linux Security Advisory : tetex (MDKSA-2007:230) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-222.NASL description Alin Rad Pop found several flaws in how PDF files are handled in koffice. 
An attacker could create a malicious PDF file that would cause koffice to crash or potentially execute arbitrary code when opened. The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 37295 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37295 title Mandrake Linux Security Advisory : koffice (MDKSA-2007:222) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-1022.NASL description From Red Hat Security Advisory 2007:1022 : Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67599 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/67599 title Oracle Linux 4 : cups (ELSA-2007-1022) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-160.NASL description Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause pdftohtml to crash and possibly execute arbitrary code open a user opening the file. This update provides packages which are patched to prevent these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 25892 published 2007-08-15 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25892 title Mandrake Linux Security Advisory : pdftohtml (MDKSA-2007:160) NASL family SuSE Local Security Checks NASL id SUSE_KDEGRAPHICS3-PDF-4682.NASL description A buffer overflow in the xpdf code contained in kpdf could be exploited by attackers to potentially execute arbitrary code. (CVE-2007-4352 / CVE-2007-5392 / CVE-2007-5393) last seen 2020-06-01 modified 2020-06-02 plugin id 29481 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29481 title SuSE 10 Security Update : kdegraphics3-pdf (ZYPP Patch Number 4682) NASL family Fedora Local Security Checks NASL id FEDORA_2007-3014.NASL description Resolves: xpdf memory corruption in DCTStream::readProgressiveDataUnit() xpdf buffer overflow in DCTStream::reset() xpdf buffer overflow in CCITTFaxStream::lookChar() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 28157 published 2007-11-12 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/28157 title Fedora 8 : xpdf-3.02-4.fc8 (2007-3014) NASL family Scientific Linux Local Security Checks NASL id SL_20071107_CUPS_ON_SL4_X.NASL description Problem description : Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Alin Rad Pop discovered a flaw in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) last seen 2020-06-01 modified 2020-06-02 plugin id 60286 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60286 title Scientific Linux Security Update : cups on SL4.x i386/x86_64 NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-1027.NASL description From Red Hat Security Advisory 2007:1027 : Updated tetex packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (dvi) file as output. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause TeTeX to crash or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) A flaw was found in the t1lib library, used in the handling of Type 1 fonts.
An attacker could create a malicious file that would cause TeTeX to crash, or potentially execute arbitrary code when opened. (CVE-2007-4033) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67604 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67604 title Oracle Linux 4 : tetex (ELSA-2007-1027) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-1025.NASL description From Red Hat Security Advisory 2007:1025 : Updated gpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. gpdf is a GNOME-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause gpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67602 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67602 title Oracle Linux 4 : gpdf (ELSA-2007-1025) NASL family Scientific Linux Local Security Checks NASL id SL_20071107_POPPLER_ON_SL5_X.NASL description Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause an application linked with poppler to crash, or potentially execute arbitrary code when opened. 
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) last seen 2020-06-01 modified 2020-06-02 plugin id 60290 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60290 title Scientific Linux Security Update : poppler on SL5.x i386/x86_64 NASL family Fedora Local Security Checks NASL id FEDORA_2007-3001.NASL description This update addresses a security issue in kpdf, that can cause crashes or possibly execute arbitrary code, see http://www.kde.org/info/security/advisory-20071107-1.txt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 28155 published 2007-11-12 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28155 title Fedora 8 : kdegraphics-3.5.8-7.fc8 (2007-3001) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-1030.NASL description Updated xpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) A flaw was found in the t1lib library, used in the handling of Type 1 fonts. An attacker could create a malicious file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. 
(CVE-2007-4033) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37859 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37859 title CentOS 3 : xpdf (CESA-2007:1030) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-1029.NASL description Updated xpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 38001 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/38001 title CentOS 4 : xpdf (CESA-2007:1029) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-1029.NASL description Updated xpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. 
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 36380 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36380 title RHEL 4 : xpdf (RHSA-2007:1029) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-1030.NASL description Updated xpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) A flaw was found in the t1lib library, used in the handling of Type 1 fonts. An attacker could create a malicious file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4033) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27839 published 2007-11-08 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27839 title RHEL 3 : xpdf (RHSA-2007:1030) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-227.NASL description Alin Rad Pop found several flaws in how PDF files are handled in poppler. An attacker could create a malicious PDF file that would cause poppler to crash or potentially execute arbitrary code when opened. 
The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 37783 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37783 title Mandrake Linux Security Advisory : poppler (MDKSA-2007:227) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-1027.NASL description Updated tetex packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (dvi) file as output. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause TeTeX to crash or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) A flaw was found in the t1lib library, used in the handling of Type 1 fonts. An attacker could create a malicious file that would cause TeTeX to crash, or potentially execute arbitrary code when opened. (CVE-2007-4033) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27852 published 2007-11-09 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27852 title RHEL 4 / 5 : tetex (RHSA-2007:1027) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-1027.NASL description Updated tetex packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 
TeTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (dvi) file as output. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause TeTeX to crash or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) A flaw was found in the t1lib library, used in the handling of Type 1 fonts. An attacker could create a malicious file that would cause TeTeX to crash, or potentially execute arbitrary code when opened. (CVE-2007-4033) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 36664 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36664 title CentOS 4 : tetex (CESA-2007:1027) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-542-2.NASL description USN-542-1 fixed a vulnerability in poppler. This update provides the corresponding updates for KWord, part of KOffice. Secunia Research discovered several vulnerabilities in poppler. If a user were tricked into loading a specially crafted PDF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the user last seen 2020-06-01 modified 2020-06-02 plugin id 28249 published 2007-11-16 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/28249 title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : koffice vulnerabilities (USN-542-2) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-1024.NASL description From Red Hat Security Advisory 2007:1024 : Updated kdegraphics packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment. This includes kpdf, a PDF file viewer. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) All kdegraphics users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67601 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67601 title Oracle Linux 4 : kdegraphics (ELSA-2007-1024) NASL family SuSE Local Security Checks NASL id SUSE_GPDF-4651.NASL description A buffer overflow in the xpdf code contained in gpdf could be exploited by attackers to potentially execute arbitrary code (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393). last seen 2020-06-01 modified 2020-06-02 plugin id 28170 published 2007-11-12 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/28170 title openSUSE 10 Security Update : gpdf (gpdf-4651) NASL family Fedora Local Security Checks NASL id FEDORA_2007-2982.NASL description This update fixes a remote code execution vulnerability in the IPP handling part of the CUPS scheduler, as well as several PDF handling security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27822 published 2007-11-08 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27822 title Fedora 8 : cups-1.3.4-2.fc8 (2007-2982) NASL family SuSE Local Security Checks NASL id SUSE_XPDF-4644.NASL description A buffer overflow in xpdf could be exploited by attackers to potentially execute arbitrary code. (CVE-2007-4352 / CVE-2007-5392 / CVE-2007-5393) last seen 2020-06-01 modified 2020-06-02 plugin id 29609 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29609 title SuSE 10 Security Update : xpdf (ZYPP Patch Number 4644) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-221.NASL description Alin Rad Pop found several flaws in how PDF files are handled in kpdf. An attacker could create a malicious PDF file that would cause kpdf to crash or potentially execute arbitrary code when opened. The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 37122 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/37122 title Mandrake Linux Security Advisory : kdegraphics (MDKSA-2007:221) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1537.NASL description Alin Rad Pop (Secunia) discovered a number of vulnerabilities in xpdf, a set of tools for display and conversion of Portable Document Format (PDF) files. The Common Vulnerabilities and Exposures project identifies the following three problems : - CVE-2007-4352 Inadequate DCT stream validation allows an attacker to corrupt memory and potentially execute arbitrary code by supplying a maliciously crafted PDF file. - CVE-2007-5392 An integer overflow vulnerability in DCT stream handling could allow an attacker to overflow a heap buffer, enabling the execution of arbitrary code. - CVE-2007-5393 A buffer overflow vulnerability in xpdf last seen 2020-06-01 modified 2020-06-02 plugin id 31807 published 2008-04-11 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31807 title Debian DSA-1537-1 : xpdf - several vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_LIBEXTRACTOR-4646.NASL description A buffer overflow in the xpdf code contained in libextractor could be exploited by attackers to potentially execute arbitrary code (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393). last seen 2020-06-01 modified 2020-06-02 plugin id 28174 published 2007-11-12 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28174 title openSUSE 10 Security Update : libextractor (libextractor-4646) NASL family SuSE Local Security Checks NASL id SUSE_XPDF-4643.NASL description A buffer overflow in xpdf could be exploited by attackers to potentially execute arbitrary code (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393). 
last seen 2020-06-01 modified 2020-06-02 plugin id 28179 published 2007-11-12 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28179 title openSUSE 10 Security Update : xpdf (xpdf-4643) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-1030.NASL description From Red Hat Security Advisory 2007:1030 : Updated xpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) A flaw was found in the t1lib library, used in the handling of Type 1 fonts. An attacker could create a malicious file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4033) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67607 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67607 title Oracle Linux 3 : xpdf (ELSA-2007-1030) NASL family Fedora Local Security Checks NASL id FEDORA_2007-4031.NASL description This package contains the latest stable upstream release of poppler. The new upstream version incorporates fixes for the following security issues affecting xpdf code included in poppler: CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 It also includes more headers in the -devel subpackage and fixes a problem in the -qt3 subpackage.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 29265 published 2007-12-11 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29265 title Fedora 8 : poppler-0.6.2-1.fc8 (2007-4031) NASL family SuSE Local Security Checks NASL id SUSE_KOFFICE-4649.NASL description A buffer overflow in the xpdf code contained in koffice could be exploited by attackers to potentially execute arbitrary code (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393). last seen 2020-06-01 modified 2020-06-02 plugin id 28173 published 2007-11-12 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28173 title openSUSE 10 Security Update : koffice (koffice-4649) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-1022.NASL description Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Alin Rad Pop discovered a flaw in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation.
A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 36860 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36860 title RHEL 4 : cups (RHSA-2007:1022) NASL family SuSE Local Security Checks NASL id SUSE_POPPLER-4638.NASL description A buffer overflow in the xpdf code contained in poppler could be exploited by attackers to potentially execute arbitrary code (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393). last seen 2020-06-01 modified 2020-06-02 plugin id 28178 published 2007-11-12 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28178 title openSUSE 10 Security Update : poppler (poppler-4638) NASL family Scientific Linux Local Security Checks NASL id SL_20071108_TETEX_ON_SL5_X.NASL description Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause TeTeX to crash or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) A flaw was found in the t1lib library, used in the handling of Type 1 fonts. An attacker could create a malicious file that would cause TeTeX to crash, or potentially execute arbitrary code when opened. (CVE-2007-4033) last seen 2020-06-01 modified 2020-06-02 plugin id 60294 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/60294 title Scientific Linux Security Update : tetex on SL5.x, SL4.x, SL3.x i386/x86_64 NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-1025.NASL description Updated gpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. gpdf is a GNOME-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause gpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 36452 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36452 title CentOS 4 : gpdf (CESA-2007:1025) NASL family SuSE Local Security Checks NASL id SUSE9_11965.NASL description A number of vulnerabilities have been found in the xpdf code used by cups which could be exploited, potentially remotely, by tricking the user into printing a specially crafted PDF file. The vulnerabilities are in the source code file Stream.cc and may allow execution of arbitrary code with the privileges of the user viewing the PDF. Specifically, these are an array indexing error leading to memory corruption (CVE-2007-4352), a possible integer overflow causing a buffer overflow (CVE-2007-5392) and a boundary check error that can also cause a buffer overflow. (CVE-2007-5393) last seen 2020-06-01 modified 2020-06-02 plugin id 41166 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/41166 title SuSE9 Security Update : Cups (YOU Patch Number 11965) NASL family Fedora Local Security Checks NASL id FEDORA_2007-3390.NASL description - fix t1lib flaw CVE-2007-4033 (#352271) - fix CVE-2007-4352 CVE-2007-5392 CVE-2007-5393, various xpdf flaws (#345121) - xdvi won last seen 2020-06-01 modified 2020-06-02 plugin id 28307 published 2007-11-26 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/28307 title Fedora 7 : tetex-3.0-40.3.fc7 (2007-3390) NASL family Fedora Local Security Checks NASL id FEDORA_2007-3031.NASL description Resolves: xpdf memory corruption in DCTStream::readProgressiveDataUnit() xpdf buffer overflow in DCTStream::reset() xpdf buffer overflow in CCITTFaxStream::lookChar() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 28158 published 2007-11-12 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28158 title Fedora 7 : xpdf-3.02-4.fc7 (2007-3031) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-1026.NASL description From Red Hat Security Advisory 2007:1026 : Updated poppler packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Poppler is a PDF rendering library, used by applications such as evince. Alin Rad Pop discovered several flaws in the handling of PDF files. 
An attacker could create a malicious PDF file that would cause an application linked with poppler to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 67603
published | 2013-07-12
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/67603
title | Oracle Linux 5 : poppler (ELSA-2007-1026)

NASL family | Mandriva Local Security Checks
NASL id | MANDRAKE_MDKSA-2007-228.NASL
description | Alin Rad Pop found several flaws in how PDF files are handled in cups. An attacker could create a malicious PDF file that would cause cups to crash or potentially execute arbitrary code when opened. The updated packages have been patched to correct this issue.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 28276
published | 2007-11-20
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/28276
title | Mandrake Linux Security Advisory : cups (MDKSA-2007:228)

NASL family | Red Hat Local Security Checks
NASL id | REDHAT-RHSA-2007-1021.NASL
description | Updated CUPS packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 27835
published | 2007-11-08
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/27835
title | RHEL 5 : cups (RHSA-2007:1021)

NASL family | Fedora Local Security Checks
NASL id | FEDORA_2007-3308.NASL
description |
- fix t1lib flaw CVE-2007-4033 (#352271)
- fix CVE-2007-4352 CVE-2007-5392 CVE-2007-5393, various xpdf flaws (#345121)
- fix dvips -z buffer overflow with long href CVE-2007-5935 (#368591)
- fix insecure usage of temporary file in dviljk CVE-2007-5936 CVE-2007-5937 (#368611, #368641)
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 28306
published | 2007-11-26
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/28306
title | Fedora 8 : tetex-3.0-44.3.fc8 (2007-3308)

NASL family | Fedora Local Security Checks
NASL id | FEDORA_2008-3449.NASL
description |
- Fri May 9 2008 Tim Waugh <twaugh at redhat.com> 1:1.2.12-11
  - Applied patch to fix CVE-2008-1722 (integer overflow in image filter, bug #441692, STR #2790).
- Tue Apr 1 2008 Tim Waugh <twaugh at redhat.com> 1:1.2.12-10
  - Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303).
  - Applied patch to fix CVE-2008-0053 (HP-GL/2 input processing, bug #438117).
  - Applied patch to prevent heap-based buffer overflow in CUPS helper program (bug #436153, CVE-2008-0047, STR #2729).
- Fri Feb 22 2008 Tim Waugh <twaugh at redhat.com> 1:1.2.12-9
  - Prevent double-free when a browsed class has the same name as a printer or vice versa (CVE-2008-0882, bug #433758, STR #2656).
- Mon Nov 12 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-8
  - Fixed CVE-2007-4045 patch; has no effect with shipped packages since they are linked with gnutls.
  - LSPP fixes (cupsdSetString/ClearString).
- Wed Nov 7 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-7
  - Applied patch to fix CVE-2007-4045 (bug #250161).
  - Applied patch to fix CVE-2007-4352, CVE-2007-5392 and CVE-2007-5393 (bug #345101).
- Thu Nov 1 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-6
  - Applied patch to fix CVE-2007-4351 (STR #2561, bug #361661).
- Wed Oct 10 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-5
  - Use ppdev for parallel port Device ID retrieval (bug #311671).
- Thu Aug 9 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-4
  - Applied patch to fix CVE-2007-3387 (bug #251518).
- Tue Jul 31 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-3
  - Better buildroot tag.
  - Moved LSPP access check and security attributes check in add_job() to before allocation of the job structure (bug #231522).
- Mon Jul 23 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-2
  - Use kernel support for USB paper-out detection, when available (bug #249213).
- Fri Jul 13 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-1
  - 1.2.12. No longer need adminutil or str2408 patches.
- Wed Jul 4 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-3
  - Better paper-out detection patch still (bug #246222).
- Fri Jun 29 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-2
  - Applied patch to fix group handling in PPDs (bug #186231, STR #2408).
- Wed Jun 27 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-1
  - Fixed permissions on classes.conf in the file manifest (bug #245748).
  - 1.2.11.
- Tue Jun 12 2007 Tim Waugh <twaugh at redhat.com>
  - Make the initscript use start priority 56 (bug #213828).
- Mon Jun 11 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.10-12
  - Better paper-out detection patch (bug #241589).
- Mon May 21 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.10-11
  - Fixed _cupsAdminSetServerSettings() sharing/shared handling (bug #238057).
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 32197
published | 2008-05-11
reporter | This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/32197
title | Fedora 7 : cups-1.2.12-11.fc7 (2008-3449)

NASL family | Fedora Local Security Checks
NASL id | FEDORA_2007-2985.NASL
description | This is an update to the latest kde-3.5.8 release. For more details, see http://kde.org/announcements/announce-3.5.8.php This also addresses a security issue in kpdf, that can cause crashes or possibly execute arbitrary code, see http://www.kde.org/info/security/advisory-20071107-1.txt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 28186
published | 2007-11-14
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/28186
title | Fedora 7 : arts-1.5.8-4.fc7 / kde-i18n-3.5.8-1.fc7 / kdeaccessibility-3.5.8-2.fc7 / etc (2007-2985)

NASL family | Scientific Linux Local Security Checks
NASL id | SL_20071107_XPDF_ON_SL4_X.NASL
description | Problem description : Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 60292
published | 2012-08-01
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/60292
title | Scientific Linux Security Update : xpdf on SL4.x i386/x86_64

NASL family | SuSE Local Security Checks
NASL id | SUSE_CUPS-4667.NASL
description | A buffer overflow in the xpdf code contained in cups could be exploited by attackers to potentially execute arbitrary code. (CVE-2007-4352 / CVE-2007-5392 / CVE-2007-5393)
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 29413
published | 2007-12-13
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/29413
title | SuSE 10 Security Update : Cups (ZYPP Patch Number 4667)

NASL family | SuSE Local Security Checks
NASL id | SUSE_PDFTOHTML-4642.NASL
description | A buffer overflow in the xpdf code contained in pdftohtml could be exploited by attackers to potentially execute arbitrary code (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 28177
published | 2007-11-12
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/28177
title | openSUSE 10 Security Update : pdftohtml (pdftohtml-4642)

NASL family | FreeBSD Local Security Checks
NASL id | FREEBSD_PKG_2747FC39915B11DC9239001C2514716C.NASL
description | Secunia Research reports : Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 28193
published | 2007-11-14
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/28193
title | FreeBSD : xpdf -- multiple remote Stream.CC vulnerabilities (2747fc39-915b-11dc-9239-001c2514716c)

NASL family | Fedora Local Security Checks
NASL id | FEDORA_2007-3059.NASL
description | This update includes fixes to pdf import filters that can cause crashes or possibly execute arbitrary code. See http://www.kde.org/info/security/advisory-20071107-1.txt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 28159
published | 2007-11-12
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/28159
title | Fedora 7 : koffice-1.6.3-13.fc7 (2007-3059)

NASL family | Debian Local Security Checks
NASL id | DEBIAN_DSA-1480.NASL
description | Alin Rad Pop discovered several buffer overflows in the Poppler PDF library, which could allow the execution of arbitrary code if a malformed PDF file is opened.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 30188
published | 2008-02-06
reporter | This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/30188
title | Debian DSA-1480-1 : poppler - several vulnerabilities

NASL family | CentOS Local Security Checks
NASL id | CENTOS_RHSA-2007-1022.NASL
description | Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Alin Rad Pop discovered a flaw in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 37428
published | 2009-04-23
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/37428
title | CentOS 4 : cups (CESA-2007:1022)

NASL family | Red Hat Local Security Checks
NASL id | REDHAT-RHSA-2007-1026.NASL
description | Updated poppler packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Poppler is a PDF rendering library, used by applications such as evince. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause an application linked with poppler to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 27837
published | 2007-11-08
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/27837
title | RHEL 5 : poppler (RHSA-2007:1026)

NASL family | Debian Local Security Checks
NASL id | DEBIAN_DSA-1509.NASL
description | Several vulnerabilities have been discovered in xpdf code that is embedded in koffice, an integrated office suite for KDE. These flaws could allow an attacker to execute arbitrary code by inducing the user to import a specially crafted PDF document. The Common Vulnerabilities and Exposures project identifies the following problems :
- CVE-2007-4352 Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.
- CVE-2007-5392 Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.
- CVE-2007-5393 Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.
Updates for the old stable distribution (sarge) will be made available as soon as possible.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 31170
published | 2008-02-26
reporter | This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/31170
title | Debian DSA-1509-1 : koffice - multiple vulnerabilities

NASL family | Mandriva Local Security Checks
NASL id | MANDRAKE_MDKSA-2007-219.NASL
description | Alin Rad Pop found several flaws in how PDF files are handled in xpdf. An attacker could create a malicious PDF file that would cause xpdf to crash or potentially execute arbitrary code when opened. The updated packages have been patched to correct this issue.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 37167
published | 2009-04-23
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/37167
title | Mandrake Linux Security Advisory : xpdf (MDKSA-2007:219)

NASL family | Fedora Local Security Checks
NASL id | FEDORA_2007-3093.NASL
description | This update includes fixes to pdf import filters that can cause crashes or possibly execute arbitrary code. See http://www.kde.org/info/security/advisory-20071107-1.txt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 28161
published | 2007-11-12
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/28161
title | Fedora 8 : koffice-1.6.3-13.fc8 (2007-3093)

NASL family | Ubuntu Local Security Checks
NASL id | UBUNTU_USN-542-1.NASL
description | Secunia Research discovered several vulnerabilities in poppler. If a user were tricked into loading a specially crafted PDF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the user
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 28210
published | 2007-11-14
reporter | Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/28210
title | Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : poppler vulnerabilities (USN-542-1)

NASL family | CentOS Local Security Checks
NASL id | CENTOS_RHSA-2007-1024.NASL
description | Updated kdegraphics packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment. This includes kpdf, a PDF file viewer. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) All kdegraphics users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 37318
published | 2009-04-23
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/37318
title | CentOS 4 : kdegraphics (CESA-2007:1024)

NASL family | Red Hat Local Security Checks
NASL id | REDHAT-RHSA-2007-1024.NASL
description | Updated kdegraphics packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment. This includes kpdf, a PDF file viewer. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) All kdegraphics users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 28168
published | 2007-11-12
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/28168
title | RHEL 4 : kdegraphics (RHSA-2007:1024)

NASL family | Scientific Linux Local Security Checks
NASL id | SL_20071107_GPDF_ON_SL4_X.NASL
description | Problem description : Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause gpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 60288
published | 2012-08-01
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/60288
title | Scientific Linux Security Update : gpdf on SL4.x i386/x86_64

NASL family | Slackware Local Security Checks
NASL id | SLACKWARE_SSA_2007-316-01.NASL
description | New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current. New poppler packages are available for Slackware 12.0 and -current. New koffice packages are available for Slackware 11.0, 12.0, and -current. New kdegraphics packages are available for Slackware 10.2, 11.0, 12.0, and -current. These updated packages address similar bugs which could be used to crash applications linked with poppler or that use code from xpdf through the use of a malformed PDF document. It is possible that a maliciously crafted document could cause code to be executed in the context of the user running the application processing the PDF. These advisories and CVE entries cover the bugs:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
http://www.kde.org/info/security/advisory-20071107-1.txt
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 28149
published | 2007-11-12
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/28149
title | Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 9.1 / current : xpdf/poppler/koffice/kdegraphics (SSA:2007-316-01)

NASL family | Scientific Linux Local Security Checks
NASL id | SL_20071112_KDEGRAPHICS_ON_SL5_X.NASL
description | Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 60300
published | 2012-08-01
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/60300
title | Scientific Linux Security Update : kdegraphics on SL5.x, SL4.x i386/x86_64

NASL family | Mandriva Local Security Checks
NASL id | MANDRAKE_MDKSA-2007-223.NASL
description | Alin Rad Pop found several flaws in how PDF files are handled in pdftohtml. An attacker could create a malicious PDF file that would cause pdftohtml to crash or potentially execute arbitrary code when opened. The updated packages have been patched to correct this issue.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 28273
published | 2007-11-20
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/28273
title | Mandrake Linux Security Advisory : pdftohtml (MDKSA-2007:223)

Oval
accepted | 2013-04-29T04:00:43.978-04:00
class | vulnerability
contributors |
definition_extensions |
description | Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.
family | unix
id | oval:org.mitre.oval:def:10036
status | accepted
submitted | 2010-07-09T03:56:16-04:00
title | Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.
version | 27
Redhat
advisories |
rpms |
References
- http://secunia.com/advisories/26503
- http://secunia.com/advisories/27260
- http://secunia.com/advisories/27553
- http://secunia.com/advisories/27573
- http://secunia.com/advisories/27574
- http://secunia.com/advisories/27575
- http://secunia.com/advisories/27577
- http://secunia.com/advisories/27578
- http://secunia.com/advisories/27599
- http://secunia.com/advisories/27615
- http://secunia.com/advisories/27618
- http://secunia.com/advisories/27619
- http://secunia.com/advisories/27632
- http://secunia.com/advisories/27634
- http://secunia.com/advisories/27636
- http://secunia.com/advisories/27637
- http://secunia.com/advisories/27640
- http://secunia.com/advisories/27641
- http://secunia.com/advisories/27642
- http://secunia.com/advisories/27645
- http://secunia.com/advisories/27656
- http://secunia.com/advisories/27658
- http://secunia.com/advisories/27705
- http://secunia.com/advisories/27721
- http://secunia.com/advisories/27724
- http://secunia.com/advisories/27743
- http://secunia.com/advisories/27856
- http://secunia.com/advisories/28043
- http://secunia.com/advisories/28812
- http://secunia.com/advisories/29104
- http://secunia.com/advisories/29604
- http://secunia.com/advisories/30168
- http://secunia.com/secunia_research/2007-88/advisory/
- http://security.gentoo.org/glsa/glsa-200711-22.xml
- http://security.gentoo.org/glsa/glsa-200711-34.xml
- http://security.gentoo.org/glsa/glsa-200805-13.xml
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882
- http://support.novell.com/techcenter/psdb/1d5fd29802b2ef7e342e733731f1e933.html
- http://support.novell.com/techcenter/psdb/3867a5092daac43cd6a92e6107d9fbce.html
- http://support.novell.com/techcenter/psdb/43ad7b3569dba59e7ba07677edc01cad.html
- http://support.novell.com/techcenter/psdb/da3498f05433976cc548cc4eaf8349c8.html
- http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.html
- http://www.debian.org/security/2008/dsa-1480
- http://www.debian.org/security/2008/dsa-1509
- http://www.debian.org/security/2008/dsa-1537
- http://www.kde.org/info/security/advisory-20071107-1.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:219
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:220
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:221
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:222
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:223
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:227
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:228
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:230
- http://www.novell.com/linux/security/advisories/2007_60_pdf.html
- http://www.redhat.com/support/errata/RHSA-2007-1021.html
- http://www.redhat.com/support/errata/RHSA-2007-1022.html
- http://www.redhat.com/support/errata/RHSA-2007-1024.html
- http://www.redhat.com/support/errata/RHSA-2007-1025.html
- http://www.redhat.com/support/errata/RHSA-2007-1026.html
- http://www.redhat.com/support/errata/RHSA-2007-1027.html
- http://www.redhat.com/support/errata/RHSA-2007-1029.html
- http://www.redhat.com/support/errata/RHSA-2007-1030.html
- http://www.securityfocus.com/archive/1/483372
- http://www.securityfocus.com/bid/26367
- http://www.securitytracker.com/id?1018905
- http://www.ubuntu.com/usn/usn-542-1
- http://www.ubuntu.com/usn/usn-542-2
- http://www.vupen.com/english/advisories/2007/3774
- http://www.vupen.com/english/advisories/2007/3775
- http://www.vupen.com/english/advisories/2007/3776
- http://www.vupen.com/english/advisories/2007/3779
- http://www.vupen.com/english/advisories/2007/3786
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38303
- https://issues.rpath.com/browse/RPL-1926
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10036
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00369.html
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00215.html
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00224.html
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00238.html
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html