Vulnerabilities > CVE-2007-5393 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xpdf 3.02P11

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.

Vulnerable Configurations

Part Description Count
Application
Xpdf
1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-1028.NASL
    descriptionUpdated tetex packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (dvi) file as output. Alin Rad Pop discovered a flaw in the handling of PDF files. An attacker could create a malicious PDF file that would cause TeTeX to crash, or potentially execute arbitrary code when opened. (CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37834
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37834
    titleCentOS 3 : tetex (CESA-2007:1028)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2007:1028 and 
    # CentOS Errata and Security Advisory 2007:1028 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(37834);
      script_version("1.13");
      script_cvs_date("Date: 2019/10/25 13:36:04");
    
      script_cve_id("CVE-2007-5393");
      script_bugtraq_id(26367);
      script_xref(name:"RHSA", value:"2007:1028");
    
      script_name(english:"CentOS 3 : tetex (CESA-2007:1028)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated tetex packages that fix a security issue are now available for
    Red Hat Enterprise Linux 2.1 and 3.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    TeTeX is an implementation of TeX. TeX takes a text file and a set of
    formatting commands as input, and creates a typesetter-independent
    DeVice Independent (dvi) file as output.
    
    Alin Rad Pop discovered a flaw in the handling of PDF files. An
    attacker could create a malicious PDF file that would cause TeTeX to
    crash, or potentially execute arbitrary code when opened.
    (CVE-2007-5393)
    
    Users are advised to upgrade to these updated packages, which contain
    backported patches to resolve these issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2007-November/014375.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?91ee2a79"
      );
      # https://lists.centos.org/pipermail/centos-announce/2007-November/014384.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?690d3c9d"
      );
      # https://lists.centos.org/pipermail/centos-announce/2007-November/014385.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5b2674ad"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected tetex packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:tetex");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:tetex-afm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:tetex-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:tetex-dvips");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:tetex-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:tetex-latex");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:tetex-xdvi");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/11/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/11/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-3", reference:"tetex-1.0.7-67.11")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"tetex-afm-1.0.7-67.11")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"tetex-doc-1.0.7-67.11")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"tetex-dvips-1.0.7-67.11")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"tetex-fonts-1.0.7-67.11")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"tetex-latex-1.0.7-67.11")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"tetex-xdvi-1.0.7-67.11")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tetex / tetex-afm / tetex-doc / tetex-dvips / tetex-fonts / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1408.NASL
    descriptionAlin Rad Pop discovered a buffer overflow in kpdf, which could allow the execution of arbitrary code if a malformed PDF file is displayed. The old stable distribution (sarge) will be fixed later.
    last seen2020-06-01
    modified2020-06-02
    plugin id28297
    published2007-11-26
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28297
    titleDebian DSA-1408-1 : kdegraphics - buffer overflow
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1408. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(28297);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:20");
    
      script_cve_id("CVE-2007-5393");
      script_xref(name:"DSA", value:"1408");
    
      script_name(english:"Debian DSA-1408-1 : kdegraphics - buffer overflow");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Alin Rad Pop discovered a buffer overflow in kpdf, which could allow
    the execution of arbitrary code if a malformed PDF file is displayed.
    
    The old stable distribution (sarge) will be fixed later."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2007/dsa-1408"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the kdegraphics packages.
    
    For the stable distribution (etch), this problem has been fixed in
    version 4:3.5.5-3etch2. Builds for arm and sparc are not yet
    available."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kdegraphics");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/11/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"4.0", prefix:"kamera", reference:"4:3.5.5-3etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"kcoloredit", reference:"4:3.5.5-3etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"kdegraphics", reference:"4:3.5.5-3etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"kdegraphics-dbg", reference:"4:3.5.5-3etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"kdegraphics-dev", reference:"4:3.5.5-3etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"kdegraphics-doc-html", reference:"4:3.5.5-3etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"kdegraphics-kfile-plugins", reference:"4:3.5.5-3etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"kdvi", reference:"4:3.5.5-3etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"kfax", reference:"4:3.5.5-3etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"kfaxview", reference:"4:3.5.5-3etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"kgamma", reference:"4:3.5.5-3etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"kghostview", reference:"4:3.5.5-3etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"kiconedit", reference:"4:3.5.5-3etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"kmrml", reference:"4:3.5.5-3etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"kolourpaint", reference:"4:3.5.5-3etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"kooka", reference:"4:3.5.5-3etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"kpdf", reference:"4:3.5.5-3etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"kpovmodeler", reference:"4:3.5.5-3etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"kruler", reference:"4:3.5.5-3etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"ksnapshot", reference:"4:3.5.5-3etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"ksvg", reference:"4:3.5.5-3etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"kuickshow", reference:"4:3.5.5-3etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"kview", reference:"4:3.5.5-3etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"kviewshell", reference:"4:3.5.5-3etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"libkscan-dev", reference:"4:3.5.5-3etch2")) flag++;
    if (deb_check(release:"4.0", prefix:"libkscan1", reference:"4:3.5.5-3etch2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-1031.NASL
    descriptionUpdated xpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered a flaw in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-5393) A flaw was found in the t1lib library, used in the handling of Type 1 fonts. An attacker could create a malicious file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4033) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27840
    published2007-11-08
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27840
    titleRHEL 2.1 : xpdf (RHSA-2007:1031)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2007:1031. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27840);
      script_version ("1.22");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2007-4033", "CVE-2007-5393");
      script_bugtraq_id(25079, 26367);
      script_xref(name:"RHSA", value:"2007:1031");
    
      script_name(english:"RHEL 2.1 : xpdf (RHSA-2007:1031)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated xpdf packages that fix several security issues are now
    available for Red Hat Enterprise Linux 2.1.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    Xpdf is an X Window System-based viewer for Portable Document Format
    (PDF) files.
    
    Alin Rad Pop discovered a flaw in the handling of PDF files. An
    attacker could create a malicious PDF file that would cause Xpdf to
    crash, or potentially execute arbitrary code when opened.
    (CVE-2007-5393)
    
    A flaw was found in the t1lib library, used in the handling of Type 1
    fonts. An attacker could create a malicious file that would cause Xpdf
    to crash, or potentially execute arbitrary code when opened.
    (CVE-2007-4033)
    
    Users are advised to upgrade to these updated packages, which contain
    backported patches to resolve these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-4033"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5393"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2007:1031"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected xpdf package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xpdf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/07/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/11/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2007:1031";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"xpdf-0.92-19.el2")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xpdf");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-3100.NASL
    descriptionThis update fixes several PDF handling security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28162
    published2007-11-12
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28162
    titleFedora 7 : cups-1.2.12-7.fc7 (2007-3100)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-3100.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(28162);
      script_version ("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:25");
    
      script_cve_id("CVE-2007-0720", "CVE-2007-4045", "CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393");
      script_bugtraq_id(25124, 26367);
      script_xref(name:"FEDORA", value:"2007-3100");
    
      script_name(english:"Fedora 7 : cups-1.2.12-7.fc7 (2007-3100)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes several PDF handling security issues.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=250161"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=345101"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-November/004642.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7e5ed0b0"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups-lpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/11/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC7", reference:"cups-1.2.12-7.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"cups-debuginfo-1.2.12-7.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"cups-devel-1.2.12-7.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"cups-libs-1.2.12-7.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"cups-lpd-1.2.12-7.fc7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-debuginfo / cups-devel / cups-libs / cups-lpd");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-1023.NASL
    descriptionUpdated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered a flaw in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-5393) Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27836
    published2007-11-08
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27836
    titleRHEL 3 : cups (RHSA-2007:1023)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2007:1023. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27836);
      script_version ("1.23");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2007-4045", "CVE-2007-4351", "CVE-2007-5393");
      script_bugtraq_id(26367, 26524);
      script_xref(name:"RHSA", value:"2007:1023");
    
      script_name(english:"RHEL 3 : cups (RHSA-2007:1023)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated cups packages that fix several security issues are now
    available for Red Hat Enterprise Linux 3.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    The Common UNIX Printing System (CUPS) provides a portable printing
    layer for UNIX(R) operating systems.
    
    Alin Rad Pop discovered a flaw in the handling of PDF files. An
    attacker could create a malicious PDF file that would cause CUPS to
    crash or potentially execute arbitrary code when printed.
    (CVE-2007-5393)
    
    Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP
    tags. A remote attacker who is able to connect to the IPP TCP port
    could send a malicious request causing the CUPS daemon to crash.
    (CVE-2007-4351)
    
    A flaw was found in the way CUPS handled SSL negotiation. A remote
    attacker capable of connecting to the CUPS daemon could cause CUPS to
    crash. (CVE-2007-4045)
    
    All CUPS users are advised to upgrade to these updated packages, which
    contain backported patches to resolve these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-4045"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-4351"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5393"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2007:1023"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected cups, cups-devel and / or cups-libs packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119, 189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-libs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/07/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/11/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2007:1023";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL3", reference:"cups-1.1.17-13.3.46")) flag++;
      if (rpm_check(release:"RHEL3", reference:"cups-devel-1.1.17-13.3.46")) flag++;
      if (rpm_check(release:"RHEL3", reference:"cups-libs-1.1.17-13.3.46")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-750.NASL
    description - fix dvips -z buffer overflow with long href (#368591) - fix insecure usage of temporary file in dviljk (#368611, #368641) - update License and BuildRoot tags - fix t1lib flaw CVE-2007-4033 (#352271) - fix CVE-2007-4352 CVE-2007-5392 CVE-2007-5393, various xpdf flaws (#345121) - xdvi won
    last seen2020-06-01
    modified2020-06-02
    plugin id28314
    published2007-11-26
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/28314
    titleFedora Core 6 : tetex-3.0-36.fc6 (2007-750)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-750.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(28314);
      script_version ("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:26");
    
      script_cve_id("CVE-2007-4033", "CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393");
      script_xref(name:"FEDORA", value:"2007-750");
    
      script_name(english:"Fedora Core 6 : tetex-3.0-36.fc6 (2007-750)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - fix dvips -z buffer overflow with long href (#368591)
    
        - fix insecure usage of temporary file in dviljk
          (#368611, #368641)
    
      - update License and BuildRoot tags
    
        - fix t1lib flaw CVE-2007-4033 (#352271)
    
        - fix CVE-2007-4352 CVE-2007-5392 CVE-2007-5393, various
          xpdf flaws (#345121)
    
      - xdvi won't segfault if DVI file contains character which
        is not present in font (#243630)
    
      - enable compilation with ccache
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-November/005128.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?61fd12b0"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tetex");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tetex-afm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tetex-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tetex-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tetex-dvips");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tetex-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tetex-latex");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:tetex-xdvi");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:6");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/11/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 6.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC6", reference:"tetex-3.0-36.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"tetex-afm-3.0-36.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"tetex-debuginfo-3.0-36.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"tetex-doc-3.0-36.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"tetex-dvips-3.0-36.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"tetex-fonts-3.0-36.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"tetex-latex-3.0-36.fc6")) flag++;
    if (rpm_check(release:"FC6", reference:"tetex-xdvi-3.0-36.fc6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tetex / tetex-afm / tetex-debuginfo / tetex-doc / tetex-dvips / etc");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-1029.NASL
    descriptionFrom Red Hat Security Advisory 2007:1029 : Updated xpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67606
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67606
    titleOracle Linux 4 : xpdf (ELSA-2007-1029)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2007:1029 and 
    # Oracle Linux Security Advisory ELSA-2007-1029 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67606);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:07");
    
      script_cve_id("CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393");
      script_bugtraq_id(26367);
      script_xref(name:"RHSA", value:"2007:1029");
    
      script_name(english:"Oracle Linux 4 : xpdf (ELSA-2007-1029)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2007:1029 :
    
    Updated xpdf packages that fix several security issues are now
    available for Red Hat Enterprise Linux 4.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    Xpdf is an X Window System-based viewer for Portable Document Format
    (PDF) files.
    
    Alin Rad Pop discovered several flaws in the handling of PDF files. An
    attacker could create a malicious PDF file that would cause Xpdf to
    crash, or potentially execute arbitrary code when opened.
    (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)
    
    Users are advised to upgrade to these updated packages, which contain
    backported patches to resolve these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2007-November/000387.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected xpdf package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:xpdf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/11/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/11/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL4", cpu:"i386", reference:"xpdf-3.00-14.el4")) flag++;
    if (rpm_check(release:"EL4", cpu:"x86_64", reference:"xpdf-3.00-14.el4")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xpdf");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-1025.NASL
    descriptionUpdated gpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. gpdf is a GNOME-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause gpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37484
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37484
    titleRHEL 4 : gpdf (RHSA-2007:1025)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2007:1025. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(37484);
      script_version ("1.23");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2007-4352", "CVE-2007-5392", "CVE-2007-5393");
      script_bugtraq_id(26367);
      script_xref(name:"RHSA", value:"2007:1025");
    
      script_name(english:"RHEL 4 : gpdf (RHSA-2007:1025)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated gpdf packages that fix several security issues are now
    available for Red Hat Enterprise Linux 4.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    gpdf is a GNOME-based viewer for Portable Document Format (PDF) files.
    
    Alin Rad Pop discovered several flaws in the handling of PDF files. An
    attacker could create a malicious PDF file that would cause gpdf to
    crash, or potentially execute arbitrary code when opened.
    (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)
    
    Users are advised to upgrade to these updated packages, which contain
    backported patches to resolve these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-4352"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5392"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-5393"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2007:1025"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gpdf package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gpdf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/11/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/11/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2007:1025";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"gpdf-2.8.2-7.7.1")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gpdf");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_CUPS-4668.NASL
    descriptionA buffer overflow in the xpdf code contained in cups could be exploited by attackers to potentially execute arbitrary code (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
    last seen2020-06-01
    modified2020-06-02
    plugin id28203
    published2007-11-14
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/28203
    titleopenSUSE 10 Security Update : cups (cups-4668)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200711-22.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200711-22 (Poppler, KDE: User-assisted execution of arbitrary code) Alin Rad Pop (Secunia Research) discovered several vulnerabilities in the
    last seen2020-06-01
    modified2020-06-02
    plugin id28261
    published2007-11-20
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/28261
    titleGLSA-200711-22 : Poppler, KDE: User-assisted execution of arbitrary code
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20071107_CUPS_ON_SL5_X.NASL
    descriptionAlin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)
    last seen2020-06-01
    modified2020-06-02
    plugin id60287
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60287
    titleScientific Linux Security Update : cups on SL5.x, SL4.x, SL3.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_POPPLER-4630.NASL
    descriptionA buffer overflow in the xpdf code contained in poppler could be exploited by attackers to potentially execute arbitrary code. (CVE-2007-4352 / CVE-2007-5392 / CVE-2007-5393)
    last seen2020-06-01
    modified2020-06-02
    plugin id29555
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29555
    titleSuSE 10 Security Update : poppler (ZYPP Patch Number 4630)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-230.NASL
    descriptionA flaw in the t1lib library where an attacker could create a malicious file that would cause tetex to crash or possibly execute arbitrary code when opened (CVE-2007-4033). Alin Rad Pop found several flaws in how PDF files are handled in tetex. An attacker could create a malicious PDF file that would cause tetex to crash or potentially execute arbitrary code when opened (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393). A stack-based buffer overflow in dvips in tetex allows for user-assisted attackers to execute arbitrary code via a DVI file with a long href tag (CVE-2007-5935). A vulnerability in dvips in tetex allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place (CVE-2007-5936). Multiple buffer overflows in dviljk in tetext may allow users-assisted attackers to execute arbitrary code via a crafted DVI input file (CVE-2007-5937). The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id28324
    published2007-11-26
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/28324
    titleMandrake Linux Security Advisory : tetex (MDKSA-2007:230)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-222.NASL
    descriptionAlin Rad Pop found several flaws in how PDF files are handled in koffice. An attacker could create a malicious PDF file that would cause koffice to crash or potentially execute arbitrary code when opened. The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id37295
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37295
    titleMandrake Linux Security Advisory : koffice (MDKSA-2007:222)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-1022.NASL
    descriptionFrom Red Hat Security Advisory 2007:1022 : Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67599
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67599
    titleOracle Linux 4 : cups (ELSA-2007-1022)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-160.NASL
    descriptionMaurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause pdftohtml to crash and possibly execute arbitrary code open a user opening the file. This update provides packages which are patched to prevent these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id25892
    published2007-08-15
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25892
    titleMandrake Linux Security Advisory : pdftohtml (MDKSA-2007:160)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KDEGRAPHICS3-PDF-4682.NASL
    descriptionA buffer overflow in the xpdf code contained in kpdf could be exploited by attackers to potentially execute arbitrary code. (CVE-2007-4352 / CVE-2007-5392 / CVE-2007-5393)
    last seen2020-06-01
    modified2020-06-02
    plugin id29481
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29481
    titleSuSE 10 Security Update : kdegraphics3-pdf (ZYPP Patch Number 4682)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-3014.NASL
    descriptionResolves: xpdf memory corruption in DCTStream::readProgressiveDataUnit() xpdf buffer overflow in DCTStream::reset() xpdf buffer overflow in CCITTFaxStream::lookChar() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28157
    published2007-11-12
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/28157
    titleFedora 8 : xpdf-3.02-4.fc8 (2007-3014)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20071107_CUPS_ON_SL4_X.NASL
    descriptionProblem description : Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045)
    last seen2020-06-01
    modified2020-06-02
    plugin id60286
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60286
    titleScientific Linux Security Update : cups on SL4.x i386/x86_64
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-1027.NASL
    descriptionFrom Red Hat Security Advisory 2007:1027 : Updated tetex packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (dvi) file as output. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause TeTeX to crash or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) A flaw was found in the t1lib library, used in the handling of Type 1 fonts. An attacker could create a malicious file that would cause TeTeX to crash, or potentially execute arbitrary code when opened. (CVE-2007-4033) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67604
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67604
    titleOracle Linux 4 : tetex (ELSA-2007-1027)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-1023.NASL
    descriptionUpdated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered a flaw in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-5393) Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37449
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37449
    titleCentOS 3 : cups (CESA-2007:1023)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-1025.NASL
    descriptionFrom Red Hat Security Advisory 2007:1025 : Updated gpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. gpdf is a GNOME-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause gpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67602
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67602
    titleOracle Linux 4 : gpdf (ELSA-2007-1025)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20071107_POPPLER_ON_SL5_X.NASL
    descriptionAlin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause an application linked with poppler to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)
    last seen2020-06-01
    modified2020-06-02
    plugin id60290
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60290
    titleScientific Linux Security Update : poppler on SL5.x i386/x86_64
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-3001.NASL
    descriptionThis update addresses a security issue in kpdf, that can cause crashes or possibly execute arbitrary code, see http://www.kde.org/info/security/advisory-20071107-1.txt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28155
    published2007-11-12
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28155
    titleFedora 8 : kdegraphics-3.5.8-7.fc8 (2007-3001)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-1030.NASL
    descriptionUpdated xpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) A flaw was found in the t1lib library, used in the handling of Type 1 fonts. An attacker could create a malicious file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4033) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37859
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37859
    titleCentOS 3 : xpdf (CESA-2007:1030)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-1029.NASL
    descriptionUpdated xpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id38001
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38001
    titleCentOS 4 : xpdf (CESA-2007:1029)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-1029.NASL
    descriptionUpdated xpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36380
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36380
    titleRHEL 4 : xpdf (RHSA-2007:1029)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-1030.NASL
    descriptionUpdated xpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) A flaw was found in the t1lib library, used in the handling of Type 1 fonts. An attacker could create a malicious file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4033) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27839
    published2007-11-08
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27839
    titleRHEL 3 : xpdf (RHSA-2007:1030)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-227.NASL
    descriptionAlin Rad Pop found several flaws in how PDF files are handled in poppler. An attacker could create a malicious PDF file that would cause poppler to crash or potentially execute arbitrary code when opened. The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id37783
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37783
    titleMandrake Linux Security Advisory : poppler (MDKSA-2007:227)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-1027.NASL
    descriptionUpdated tetex packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (dvi) file as output. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause TeTeX to crash or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) A flaw was found in the t1lib library, used in the handling of Type 1 fonts. An attacker could create a malicious file that would cause TeTeX to crash, or potentially execute arbitrary code when opened. (CVE-2007-4033) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27852
    published2007-11-09
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27852
    titleRHEL 4 / 5 : tetex (RHSA-2007:1027)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-1027.NASL
    descriptionUpdated tetex packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (dvi) file as output. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause TeTeX to crash or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) A flaw was found in the t1lib library, used in the handling of Type 1 fonts. An attacker could create a malicious file that would cause TeTeX to crash, or potentially execute arbitrary code when opened. (CVE-2007-4033) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36664
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36664
    titleCentOS 4 : tetex (CESA-2007:1027)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-542-2.NASL
    descriptionUSN-542-1 fixed a vulnerability in poppler. This update provides the corresponding updates for KWord, part of KOffice. Secunia Research discovered several vulnerabilities in poppler. If a user were tricked into loading a specially crafted PDF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id28249
    published2007-11-16
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28249
    titleUbuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : koffice vulnerabilities (USN-542-2)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-1024.NASL
    descriptionFrom Red Hat Security Advisory 2007:1024 : Updated kdegraphics packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment. This includes kpdf, a PDF file viewer. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) All kdegraphics users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67601
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67601
    titleOracle Linux 4 : kdegraphics (ELSA-2007-1024)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_GPDF-4651.NASL
    descriptionA buffer overflow in the xpdf code contained in gpdf could be exploited by attackers to potentially execute arbitrary code (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
    last seen2020-06-01
    modified2020-06-02
    plugin id28170
    published2007-11-12
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/28170
    titleopenSUSE 10 Security Update : gpdf (gpdf-4651)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-2982.NASL
    descriptionThis update fixes a remote code execution vulnerability in the IPP handling part of the CUPS scheduler, as well as several PDF handling security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27822
    published2007-11-08
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27822
    titleFedora 8 : cups-1.3.4-2.fc8 (2007-2982)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XPDF-4644.NASL
    descriptionA buffer overflow in xpdf could be exploited by attackers to potentially execute arbitrary code. (CVE-2007-4352 / CVE-2007-5392 / CVE-2007-5393)
    last seen2020-06-01
    modified2020-06-02
    plugin id29609
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29609
    titleSuSE 10 Security Update : xpdf (ZYPP Patch Number 4644)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-221.NASL
    descriptionAlin Rad Pop found several flaws in how PDF files are handled in kpdf. An attacker could create a malicious PDF file that would cause kpdf to crash or potentially execute arbitrary code when opened. The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id37122
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37122
    titleMandrake Linux Security Advisory : kdegraphics (MDKSA-2007:221)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1537.NASL
    descriptionAlin Rad Pop (Secunia) discovered a number of vulnerabilities in xpdf, a set of tools for display and conversion of Portable Document Format (PDF) files. The Common Vulnerabilities and Exposures project identifies the following three problems : - CVE-2007-4352 Inadequate DCT stream validation allows an attacker to corrupt memory and potentially execute arbitrary code by supplying a maliciously crafted PDF file. - CVE-2007-5392 An integer overflow vulnerability in DCT stream handling could allow an attacker to overflow a heap buffer, enabling the execution of arbitrary code. - CVE-2007-5393 A buffer overflow vulnerability in xpdf
    last seen2020-06-01
    modified2020-06-02
    plugin id31807
    published2008-04-11
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31807
    titleDebian DSA-1537-1 : xpdf - several vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBEXTRACTOR-4646.NASL
    descriptionA buffer overflow in the xpdf code contained in libextractor could be exploited by attackers to potentially execute arbitrary code (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
    last seen2020-06-01
    modified2020-06-02
    plugin id28174
    published2007-11-12
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/28174
    titleopenSUSE 10 Security Update : libextractor (libextractor-4646)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_XPDF-4643.NASL
    descriptionA buffer overflow in xpdf could be exploited by attackers to potentially execute arbitrary code (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
    last seen2020-06-01
    modified2020-06-02
    plugin id28179
    published2007-11-12
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/28179
    titleopenSUSE 10 Security Update : xpdf (xpdf-4643)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-1030.NASL
    descriptionFrom Red Hat Security Advisory 2007:1030 : Updated xpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. Xpdf is an X Window System-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) A flaw was found in the t1lib library, used in the handling of Type 1 fonts. An attacker could create a malicious file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4033) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67607
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67607
    titleOracle Linux 3 : xpdf (ELSA-2007-1030)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-4031.NASL
    descriptionThis package contains the latest stable upstream release of poppler. New upstream version incorporate fixes for following security issues affecting xpdf code included in poppler: CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 It also includes more headers in the -devel subpackage and fixes a problem in the -qt3 subpackage. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id29265
    published2007-12-11
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29265
    titleFedora 8 : poppler-0.6.2-1.fc8 (2007-4031)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KOFFICE-4649.NASL
    descriptionA buffer overflow in the xpdf code contained in koffice could be exploited by attackers to potentially execute arbitrary code (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
    last seen2020-06-01
    modified2020-06-02
    plugin id28173
    published2007-11-12
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/28173
    titleopenSUSE 10 Security Update : koffice (koffice-4649)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-1022.NASL
    descriptionUpdated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36860
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36860
    titleRHEL 4 : cups (RHSA-2007:1022)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_POPPLER-4638.NASL
    descriptionA buffer overflow in the xpdf code contained in poppler could be exploited by attackers to potentially execute arbitrary code (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
    last seen2020-06-01
    modified2020-06-02
    plugin id28178
    published2007-11-12
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/28178
    titleopenSUSE 10 Security Update : poppler (poppler-4638)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-1023.NASL
    descriptionFrom Red Hat Security Advisory 2007:1023 : Updated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered a flaw in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-5393) Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67600
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67600
    titleOracle Linux 3 : cups (ELSA-2007-1023)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20071108_TETEX_ON_SL5_X.NASL
    descriptionAlin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause TeTeX to crash or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) A flaw was found in the t1lib library, used in the handling of Type 1 fonts. An attacker could create a malicious file that would cause TeTeX to crash, or potentially execute arbitrary code when opened. (CVE-2007-4033)
    last seen2020-06-01
    modified2020-06-02
    plugin id60294
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60294
    titleScientific Linux Security Update : tetex on SL5.x, SL4.x, SL3.x i386/x86_64
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-1025.NASL
    descriptionUpdated gpdf packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. gpdf is a GNOME-based viewer for Portable Document Format (PDF) files. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause gpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id36452
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36452
    titleCentOS 4 : gpdf (CESA-2007:1025)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_11965.NASL
    descriptionA number of vulnerabilities have been found in the xpdf code used by cups which could be exploited, potentially remotely, by tricking the user to print a specially crafted PDF file. The vulnerabilities are in the source code file Stream.cc and may allow execution of arbitrary code with the privileges of the user viewing the PDF. Specifically, these are an array indexing error leading to memory corruption (CVE-2007-4352), a possible integer overflow causing to a buffer overflow (CVE-2007-5392) and a boundary check error that can also cause a buffer overflow. (CVE-2007-5393)
    last seen2020-06-01
    modified2020-06-02
    plugin id41166
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41166
    titleSuSE9 Security Update : Cups (YOU Patch Number 11965)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-3390.NASL
    description - fix t1lib flaw CVE-2007-4033 (#352271) - fix CVE-2007-4352 CVE-2007-5392 CVE-2007-5393, various xpdf flaws (#345121) - xdvi won
    last seen2020-06-01
    modified2020-06-02
    plugin id28307
    published2007-11-26
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/28307
    titleFedora 7 : tetex-3.0-40.3.fc7 (2007-3390)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-3031.NASL
    descriptionResolves: xpdf memory corruption in DCTStream::readProgressiveDataUnit() xpdf buffer overflow in DCTStream::reset() xpdf buffer overflow in CCITTFaxStream::lookChar() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28158
    published2007-11-12
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28158
    titleFedora 7 : xpdf-3.02-4.fc7 (2007-3031)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-1026.NASL
    descriptionFrom Red Hat Security Advisory 2007:1026 : Updated poppler packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Poppler is a PDF rendering library, used by applications such as evince. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause an application linked with poppler to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67603
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67603
    titleOracle Linux 5 : poppler (ELSA-2007-1026)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-228.NASL
    descriptionAlin Rad Pop found several flaws in how PDF files are handled in cups. An attacker could create a malicious PDF file that would cause cups to crash or potentially execute arbitrary code when opened. The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id28276
    published2007-11-20
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/28276
    titleMandrake Linux Security Advisory : cups (MDKSA-2007:228)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KDEGRAPHICS3-PDF-4681.NASL
    descriptionA buffer overflow in the xpdf code contained in kpdf could be exploited by attackers to potentially execute arbitrary code (CVE-2007-5393).
    last seen2020-06-01
    modified2020-06-02
    plugin id28204
    published2007-11-14
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/28204
    titleopenSUSE 10 Security Update : kdegraphics3-pdf (kdegraphics3-pdf-4681)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-1021.NASL
    descriptionUpdated CUPS packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27835
    published2007-11-08
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27835
    titleRHEL 5 : cups (RHSA-2007:1021)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-3308.NASL
    description - fix t1lib flaw CVE-2007-4033 (#352271) - fix CVE-2007-4352 CVE-2007-5392 CVE-2007-5393, various xpdf flaws (#345121) - fix dvips -z buffer overflow with long href CVE-2007-5935 (#368591) - fix insecure usage of temporary file in dviljk CVE-2007-5936 CVE-2007-5937 (#368611, #368641) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28306
    published2007-11-26
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/28306
    titleFedora 8 : tetex-3.0-44.3.fc8 (2007-3308)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-3449.NASL
    description - Fri May 9 2008 Tim Waugh <twaugh at redhat.com> 1:1.2.12-11 - Applied patch to fix CVE-2008-1722 (integer overflow in image filter, bug #441692, STR #2790). - Tue Apr 1 2008 Tim Waugh <twaugh at redhat.com> 1:1.2.12-10 - Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303). - Applied patch to fix CVE-2008-0053 (HP-GL/2 input processing, bug #438117). - Applied patch to prevent heap-based buffer overflow in CUPS helper program (bug #436153, CVE-2008-0047, STR #2729). - Fri Feb 22 2008 Tim Waugh <twaugh at redhat.com> 1:1.2.12-9 - Prevent double-free when a browsed class has the same name as a printer or vice versa (CVE-2008-0882, bug #433758, STR #2656). - Mon Nov 12 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-8 - Fixed CVE-2007-4045 patch; has no effect with shipped packages since they are linked with gnutls. - LSPP fixes (cupsdSetString/ClearString). - Wed Nov 7 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-7 - Applied patch to fix CVE-2007-4045 (bug #250161). - Applied patch to fix CVE-2007-4352, CVE-2007-5392 and CVE-2007-5393 (bug #345101). - Thu Nov 1 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-6 - Applied patch to fix CVE-2007-4351 (STR #2561, bug #361661). - Wed Oct 10 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-5 - Use ppdev for parallel port Device ID retrieval (bug #311671). - Thu Aug 9 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-4 - Applied patch to fix CVE-2007-3387 (bug #251518). - Tue Jul 31 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-3 - Better buildroot tag. - Moved LSPP access check and security attributes check in add_job() to before allocation of the job structure (bug #231522). - Mon Jul 23 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-2 - Use kernel support for USB paper-out detection, when available (bug #249213). - Fri Jul 13 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-1 - 1.2.12. No longer need adminutil or str2408 patches. - Wed Jul 4 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-3 - Better paper-out detection patch still (bug #246222). - Fri Jun 29 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-2 - Applied patch to fix group handling in PPDs (bug #186231, STR #2408). - Wed Jun 27 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-1 - Fixed permissions on classes.conf in the file manifest (bug #245748). - 1.2.11. - Tue Jun 12 2007 Tim Waugh <twaugh at redhat.com> - Make the initscript use start priority 56 (bug #213828). - Mon Jun 11 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.10-12 - Better paper-out detection patch (bug #241589). - Mon May 21 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.10-11 - Fixed _cupsAdminSetServerSettings() sharing/shared handling (bug #238057). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id32197
    published2008-05-11
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/32197
    titleFedora 7 : cups-1.2.12-11.fc7 (2008-3449)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-2985.NASL
    descriptionThis is an update to the latest kde-3.5.8 release. For more details, see http://kde.org/announcements/announce-3.5.8.php This also addresses a security issue in kpdf, that can cause crashes or possibly execute arbitrary code, see http://www.kde.org/info/security/advisory-20071107-1.txt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28186
    published2007-11-14
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28186
    titleFedora 7 : arts-1.5.8-4.fc7 / kde-i18n-3.5.8-1.fc7 / kdeaccessibility-3.5.8-2.fc7 / etc (2007-2985)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20071107_XPDF_ON_SL4_X.NASL
    descriptionProblem description : Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause Xpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)
    last seen2020-06-01
    modified2020-06-02
    plugin id60292
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60292
    titleScientific Linux Security Update : xpdf on SL4.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_CUPS-4667.NASL
    descriptionA buffer overflow in the xpdf code contained in cups could be exploited by attackers to potentially execute arbitrary code. (CVE-2007-4352 / CVE-2007-5392 / CVE-2007-5393)
    last seen2020-06-01
    modified2020-06-02
    plugin id29413
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29413
    titleSuSE 10 Security Update : Cups (ZYPP Patch Number 4667)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_PDFTOHTML-4642.NASL
    descriptionA buffer overflow in the xpdf code contained in pdftohtml could be exploited by attackers to potentially execute arbitrary code (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393).
    last seen2020-06-01
    modified2020-06-02
    plugin id28177
    published2007-11-12
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/28177
    titleopenSUSE 10 Security Update : pdftohtml (pdftohtml-4642)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-1028.NASL
    descriptionUpdated tetex packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (dvi) file as output. Alin Rad Pop discovered a flaw in the handling of PDF files. An attacker could create a malicious PDF file that would cause TeTeX to crash, or potentially execute arbitrary code when opened. (CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27838
    published2007-11-08
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27838
    titleRHEL 2.1 / 3 : tetex (RHSA-2007:1028)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_2747FC39915B11DC9239001C2514716C.NASL
    descriptionSecunia Research reports : Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user
    last seen2020-06-01
    modified2020-06-02
    plugin id28193
    published2007-11-14
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28193
    titleFreeBSD : xpdf -- multiple remote Stream.CC vulnerabilities (2747fc39-915b-11dc-9239-001c2514716c)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-3059.NASL
    descriptionThis update includes fixes to pdf import filters that can cause crashes possibly execute arbitrary code. See http://www.kde.org/info/security/advisory-20071107-1.txt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28159
    published2007-11-12
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28159
    titleFedora 7 : koffice-1.6.3-13.fc7 (2007-3059)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1480.NASL
    descriptionAlin Rad Pop discovered several buffer overflows in the Poppler PDF library, which could allow the execution of arbitrary code if a malformed PDF file is opened.
    last seen2020-06-01
    modified2020-06-02
    plugin id30188
    published2008-02-06
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/30188
    titleDebian DSA-1480-1 : poppler - several vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-1028.NASL
    descriptionFrom Red Hat Security Advisory 2007:1028 : Updated tetex packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having important security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (dvi) file as output. Alin Rad Pop discovered a flaw in the handling of PDF files. An attacker could create a malicious PDF file that would cause TeTeX to crash, or potentially execute arbitrary code when opened. (CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67605
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67605
    titleOracle Linux 3 : tetex (ELSA-2007-1028)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-1022.NASL
    descriptionUpdated cups packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause CUPS to crash or potentially execute arbitrary code when printed. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Alin Rad Pop discovered a flaw in in the way CUPS handles certain IPP tags. A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the CUPS daemon to crash. (CVE-2007-4351) A flaw was found in the way CUPS handled SSL negotiation. A remote attacker capable of connecting to the CUPS daemon could cause CUPS to crash. (CVE-2007-4045) All CUPS users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37428
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37428
    titleCentOS 4 : cups (CESA-2007:1022)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-1026.NASL
    descriptionUpdated poppler packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Poppler is a PDF rendering library, used by applications such as evince. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause an application linked with poppler to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) Users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id27837
    published2007-11-08
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/27837
    titleRHEL 5 : poppler (RHSA-2007:1026)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1509.NASL
    descriptionSeveral vulnerabilities have been discovered in xpdf code that is embedded in koffice, an integrated office suite for KDE. These flaws could allow an attacker to execute arbitrary code by inducing the user to import a specially crafted PDF document. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-4352 Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file. - CVE-2007-5392 Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow. - CVE-2007-5393 Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter. Updates for the old stable distribution (sarge) will be made available as soon as possible.
    last seen2020-06-01
    modified2020-06-02
    plugin id31170
    published2008-02-26
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31170
    titleDebian DSA-1509-1 : koffice - multiple vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-219.NASL
    descriptionAlin Rad Pop found several flaws in how PDF files are handled in xpdf. An attacker could create a malicious PDF file that would cause xpdf to crash or potentially execute arbitrary code when opened. The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id37167
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37167
    titleMandrake Linux Security Advisory : xpdf (MDKSA-2007:219)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-3093.NASL
    descriptionThis update includes fixes to pdf import filters that can cause crashes possibly execute arbitrary code. See http://www.kde.org/info/security/advisory-20071107-1.txt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28161
    published2007-11-12
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28161
    titleFedora 8 : koffice-1.6.3-13.fc8 (2007-3093)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-542-1.NASL
    descriptionSecunia Research discovered several vulnerabilities in poppler. If a user were tricked into loading a specially crafted PDF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the user
    last seen2020-06-01
    modified2020-06-02
    plugin id28210
    published2007-11-14
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28210
    titleUbuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : poppler vulnerabilities (USN-542-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-1024.NASL
    descriptionUpdated kdegraphics packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment. This includes kpdf, a PDF file viewer. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) All kdegraphics users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37318
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37318
    titleCentOS 4 : kdegraphics (CESA-2007:1024)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-1024.NASL
    descriptionUpdated kdegraphics packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment. This includes kpdf, a PDF file viewer. Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393) All kdegraphics users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28168
    published2007-11-12
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28168
    titleRHEL 4 : kdegraphics (RHSA-2007:1024)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-1051.NASL
    descriptionUpdated kdegraphics packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment. This includes kpdf, a PDF file viewer. Alin Rad Pop discovered a flaw in the handling of PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-5393) All kdegraphics users are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id36457
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/36457
    titleRHEL 5 : kdegraphics (RHSA-2007:1051)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20071107_GPDF_ON_SL4_X.NASL
    descriptionProblem description : Alin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause gpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)
    last seen2020-06-01
    modified2020-06-02
    plugin id60288
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60288
    titleScientific Linux Security Update : gpdf on SL4.x i386/x86_64
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2007-316-01.NASL
    descriptionNew xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, and -current. New poppler packages are available for Slackware 12.0 and -current. New koffice packages are available for Slackware 11.0, 12.0, and -current. New kdegraphics packages are available for Slackware 10.2, 11.0, 12.0, and -current. These updated packages address similar bugs which could be used to crash applications linked with poppler or that use code from xpdf through the use of a malformed PDF document. It is possible that a maliciously crafted document could cause code to be executed in the context of the user running the application processing the PDF. These advisories and CVE entries cover the bugs: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393 http://www.kde.org/info/security/advisory-20071107-1.txt
    last seen2020-06-01
    modified2020-06-02
    plugin id28149
    published2007-11-12
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28149
    titleSlackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 9.1 / current : xpdf/poppler/koffice/kdegraphics (SSA:2007-316-01)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20071112_KDEGRAPHICS_ON_SL5_X.NASL
    descriptionAlin Rad Pop discovered several flaws in the handling of PDF files. An attacker could create a malicious PDF file that would cause kpdf to crash, or potentially execute arbitrary code when opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
    last seen2020-06-01
    modified2020-06-02
    plugin id60300
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60300
    titleScientific Linux Security Update : kdegraphics on SL5.x, SL4.x i386/x86_64
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-223.NASL
    descriptionAlin Rad Pop found several flaws in how PDF files are handled in pdftohtml. An attacker could create a malicious PDF file that would cause pdftohtml to crash or potentially execute arbitrary code when opened. The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id28273
    published2007-11-20
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/28273
    titleMandrake Linux Security Advisory : pdftohtml (MDKSA-2007:223)

Oval

accepted2013-04-29T04:22:40.015-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionHeap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.
familyunix
idoval:org.mitre.oval:def:9839
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleHeap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.
version27

Redhat

advisories
  • bugzilla
    id345121
    titleCVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar()
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentcups-lpd is earlier than 1:1.2.4-11.14.el5_1.3
            ovaloval:com.redhat.rhsa:tst:20071021001
          • commentcups-lpd is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070123015
        • AND
          • commentcups-devel is earlier than 1:1.2.4-11.14.el5_1.3
            ovaloval:com.redhat.rhsa:tst:20071021003
          • commentcups-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070123011
        • AND
          • commentcups-libs is earlier than 1:1.2.4-11.14.el5_1.3
            ovaloval:com.redhat.rhsa:tst:20071021005
          • commentcups-libs is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070123013
        • AND
          • commentcups is earlier than 1:1.2.4-11.14.el5_1.3
            ovaloval:com.redhat.rhsa:tst:20071021007
          • commentcups is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070123009
    rhsa
    idRHSA-2007:1021
    released2007-11-07
    severityImportant
    titleRHSA-2007:1021: cups security update (Important)
  • bugzilla
    id345121
    titleCVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar()
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commentcups-libs is earlier than 1:1.1.22-0.rc1.9.20.2.el4_5.2
            ovaloval:com.redhat.rhsa:tst:20071022001
          • commentcups-libs is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060163004
        • AND
          • commentcups-devel is earlier than 1:1.1.22-0.rc1.9.20.2.el4_5.2
            ovaloval:com.redhat.rhsa:tst:20071022003
          • commentcups-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060163002
        • AND
          • commentcups is earlier than 1:1.1.22-0.rc1.9.20.2.el4_5.2
            ovaloval:com.redhat.rhsa:tst:20071022005
          • commentcups is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060163006
    rhsa
    idRHSA-2007:1022
    released2007-11-07
    severityImportant
    titleRHSA-2007:1022: cups security update (Important)
  • bugzilla
    id345121
    titleCVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar()
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commentkdegraphics is earlier than 7:3.3.1-6.el4_5
            ovaloval:com.redhat.rhsa:tst:20071024001
          • commentkdegraphics is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060206004
        • AND
          • commentkdegraphics-devel is earlier than 7:3.3.1-6.el4_5
            ovaloval:com.redhat.rhsa:tst:20071024003
          • commentkdegraphics-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060206002
    rhsa
    idRHSA-2007:1024
    released2007-11-12
    severityImportant
    titleRHSA-2007:1024: kdegraphics security update (Important)
  • bugzilla
    id345121
    titleCVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar()
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • commentgpdf is earlier than 0:2.8.2-7.7.1
        ovaloval:com.redhat.rhsa:tst:20071025001
      • commentgpdf is signed with Red Hat master key
        ovaloval:com.redhat.rhsa:tst:20060177002
    rhsa
    idRHSA-2007:1025
    released2007-11-07
    severityImportant
    titleRHSA-2007:1025: gpdf security update (Important)
  • bugzilla
    id345121
    titleCVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar()
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentpoppler-devel is earlier than 0:0.5.4-4.3.el5_1
            ovaloval:com.redhat.rhsa:tst:20071026001
          • commentpoppler-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070732002
        • AND
          • commentpoppler is earlier than 0:0.5.4-4.3.el5_1
            ovaloval:com.redhat.rhsa:tst:20071026003
          • commentpoppler is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070732004
        • AND
          • commentpoppler-utils is earlier than 0:0.5.4-4.3.el5_1
            ovaloval:com.redhat.rhsa:tst:20071026005
          • commentpoppler-utils is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070732006
    rhsa
    idRHSA-2007:1026
    released2007-11-07
    severityImportant
    titleRHSA-2007:1026: poppler security update (Important)
  • bugzilla
    id352271
    titleCVE-2007-4033 t1lib font filename string overflow
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commenttetex-fonts is earlier than 0:2.0.2-22.0.1.EL4.10
            ovaloval:com.redhat.rhsa:tst:20071027001
          • commenttetex-fonts is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060160014
        • AND
          • commenttetex-doc is earlier than 0:2.0.2-22.0.1.EL4.10
            ovaloval:com.redhat.rhsa:tst:20071027003
          • commenttetex-doc is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060160004
        • AND
          • commenttetex is earlier than 0:2.0.2-22.0.1.EL4.10
            ovaloval:com.redhat.rhsa:tst:20071027005
          • commenttetex is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060160002
        • AND
          • commenttetex-afm is earlier than 0:2.0.2-22.0.1.EL4.10
            ovaloval:com.redhat.rhsa:tst:20071027007
          • commenttetex-afm is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060160010
        • AND
          • commenttetex-dvips is earlier than 0:2.0.2-22.0.1.EL4.10
            ovaloval:com.redhat.rhsa:tst:20071027009
          • commenttetex-dvips is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060160008
        • AND
          • commenttetex-latex is earlier than 0:2.0.2-22.0.1.EL4.10
            ovaloval:com.redhat.rhsa:tst:20071027011
          • commenttetex-latex is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060160006
        • AND
          • commenttetex-xdvi is earlier than 0:2.0.2-22.0.1.EL4.10
            ovaloval:com.redhat.rhsa:tst:20071027013
          • commenttetex-xdvi is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060160012
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commenttetex-xdvi is earlier than 0:3.0-33.2.el5_1.2
            ovaloval:com.redhat.rhsa:tst:20071027016
          • commenttetex-xdvi is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070731029
        • AND
          • commenttetex-afm is earlier than 0:3.0-33.2.el5_1.2
            ovaloval:com.redhat.rhsa:tst:20071027018
          • commenttetex-afm is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070731021
        • AND
          • commenttetex-dvips is earlier than 0:3.0-33.2.el5_1.2
            ovaloval:com.redhat.rhsa:tst:20071027020
          • commenttetex-dvips is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070731017
        • AND
          • commenttetex-latex is earlier than 0:3.0-33.2.el5_1.2
            ovaloval:com.redhat.rhsa:tst:20071027022
          • commenttetex-latex is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070731019
        • AND
          • commenttetex is earlier than 0:3.0-33.2.el5_1.2
            ovaloval:com.redhat.rhsa:tst:20071027024
          • commenttetex is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070731025
        • AND
          • commenttetex-doc is earlier than 0:3.0-33.2.el5_1.2
            ovaloval:com.redhat.rhsa:tst:20071027026
          • commenttetex-doc is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070731027
        • AND
          • commenttetex-fonts is earlier than 0:3.0-33.2.el5_1.2
            ovaloval:com.redhat.rhsa:tst:20071027028
          • commenttetex-fonts is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070731023
    rhsa
    idRHSA-2007:1027
    released2007-11-08
    severityImportant
    titleRHSA-2007:1027: tetex security update (Important)
  • bugzilla
    id345121
    titleCVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar()
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • commentxpdf is earlier than 1:3.00-14.el4
        ovaloval:com.redhat.rhsa:tst:20071029001
      • commentxpdf is signed with Red Hat master key
        ovaloval:com.redhat.rhsa:tst:20060201002
    rhsa
    idRHSA-2007:1029
    released2007-11-07
    severityImportant
    titleRHSA-2007:1029: xpdf security update (Important)
  • bugzilla
    id345121
    titleCVE-2007-5393 xpdf buffer overflow in CCITTFaxStream::lookChar()
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentkdegraphics is earlier than 7:3.5.4-5.el5_1
            ovaloval:com.redhat.rhsa:tst:20071051001
          • commentkdegraphics is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070729009
        • AND
          • commentkdegraphics-devel is earlier than 7:3.5.4-5.el5_1
            ovaloval:com.redhat.rhsa:tst:20071051003
          • commentkdegraphics-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070729007
    rhsa
    idRHSA-2007:1051
    released2007-11-16
    severityImportant
    titleRHSA-2007:1051: kdegraphics security update (Important)
  • rhsa
    idRHSA-2007:1023
  • rhsa
    idRHSA-2007:1028
  • rhsa
    idRHSA-2007:1030
  • rhsa
    idRHSA-2007:1031
rpms
  • cups-1:1.2.4-11.14.el5_1.3
  • cups-debuginfo-1:1.2.4-11.14.el5_1.3
  • cups-devel-1:1.2.4-11.14.el5_1.3
  • cups-libs-1:1.2.4-11.14.el5_1.3
  • cups-lpd-1:1.2.4-11.14.el5_1.3
  • cups-1:1.1.22-0.rc1.9.20.2.el4_5.2
  • cups-debuginfo-1:1.1.22-0.rc1.9.20.2.el4_5.2
  • cups-devel-1:1.1.22-0.rc1.9.20.2.el4_5.2
  • cups-libs-1:1.1.22-0.rc1.9.20.2.el4_5.2
  • cups-1:1.1.17-13.3.46
  • cups-debuginfo-1:1.1.17-13.3.46
  • cups-devel-1:1.1.17-13.3.46
  • cups-libs-1:1.1.17-13.3.46
  • kdegraphics-7:3.3.1-6.el4_5
  • kdegraphics-debuginfo-7:3.3.1-6.el4_5
  • kdegraphics-devel-7:3.3.1-6.el4_5
  • gpdf-0:2.8.2-7.7.1
  • gpdf-debuginfo-0:2.8.2-7.7.1
  • poppler-0:0.5.4-4.3.el5_1
  • poppler-debuginfo-0:0.5.4-4.3.el5_1
  • poppler-devel-0:0.5.4-4.3.el5_1
  • poppler-utils-0:0.5.4-4.3.el5_1
  • tetex-0:2.0.2-22.0.1.EL4.10
  • tetex-0:3.0-33.2.el5_1.2
  • tetex-afm-0:2.0.2-22.0.1.EL4.10
  • tetex-afm-0:3.0-33.2.el5_1.2
  • tetex-debuginfo-0:2.0.2-22.0.1.EL4.10
  • tetex-debuginfo-0:3.0-33.2.el5_1.2
  • tetex-doc-0:2.0.2-22.0.1.EL4.10
  • tetex-doc-0:3.0-33.2.el5_1.2
  • tetex-dvips-0:2.0.2-22.0.1.EL4.10
  • tetex-dvips-0:3.0-33.2.el5_1.2
  • tetex-fonts-0:2.0.2-22.0.1.EL4.10
  • tetex-fonts-0:3.0-33.2.el5_1.2
  • tetex-latex-0:2.0.2-22.0.1.EL4.10
  • tetex-latex-0:3.0-33.2.el5_1.2
  • tetex-xdvi-0:2.0.2-22.0.1.EL4.10
  • tetex-xdvi-0:3.0-33.2.el5_1.2
  • tetex-0:1.0.7-38.5E.12
  • tetex-0:1.0.7-67.11
  • tetex-afm-0:1.0.7-38.5E.12
  • tetex-afm-0:1.0.7-67.11
  • tetex-debuginfo-0:1.0.7-67.11
  • tetex-doc-0:1.0.7-38.5E.12
  • tetex-dvilj-0:1.0.7-38.5E.12
  • tetex-dvips-0:1.0.7-38.5E.12
  • tetex-dvips-0:1.0.7-67.11
  • tetex-fonts-0:1.0.7-38.5E.12
  • tetex-fonts-0:1.0.7-67.11
  • tetex-latex-0:1.0.7-38.5E.12
  • tetex-latex-0:1.0.7-67.11
  • tetex-xdvi-0:1.0.7-38.5E.12
  • tetex-xdvi-0:1.0.7-67.11
  • xpdf-1:3.00-14.el4
  • xpdf-debuginfo-1:3.00-14.el4
  • xpdf-1:2.02-11.el3
  • xpdf-debuginfo-1:2.02-11.el3
  • xpdf-1:0.92-19.el2
  • kdegraphics-7:3.5.4-5.el5_1
  • kdegraphics-debuginfo-7:3.5.4-5.el5_1
  • kdegraphics-devel-7:3.5.4-5.el5_1

Seebug

bulletinFamilyexploit
descriptionXpdf是一款处理PDF的应用程序 Xpdf存在多个缓冲区溢出问题,远程攻击者可以利用漏洞以应用程序权限执行任意指令。 1)xpdf/Stream.cc文件中的&quot;DCTStream::readProgressiveDataUnit()&quot;方法存在数组索引错误,通过特殊构建的PDF文件可造成内存破坏。 2)xpdf/Stream.cc文件中的&quot;DCTStream::reset()&quot;方法存在整数溢出错误,可导致基于堆的缓冲区溢出。 3)xpdf/Stream.cc中的&quot;CCITTFaxStream::lookChar()&quot;方法存在边界错误,通过特殊构建的&quot;CCITTFaxDecode&quot;过滤器可导致触发基于堆的缓冲区溢出。 Xpdf Xpdf 3.02pl1 teTeX teTeX 1.0.7 + Conectiva Linux 8.0 + Conectiva Linux 8.0 + Conectiva Linux 7.0 + Conectiva Linux 7.0 + Conectiva Linux 6.0 + Conectiva Linux 6.0 + Debian Linux 3.0 sparc + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 alpha + Debian Linux 3.0 + Debian Linux 3.0 + HP Secure OS software for Linux 1.0 + HP Secure OS software for Linux 1.0 + Immunix Immunix OS 7.0 beta + Immunix Immunix OS 7.0 beta + Immunix Immunix OS 7.0 + Immunix Immunix OS 7.0 + Immunix Immunix OS 6.2 + Immunix Immunix OS 6.2 + MandrakeSoft Corporate Server 1.0.1 + MandrakeSoft Corporate Server 1.0.1 + MandrakeSoft Linux Mandrake 9.0 + MandrakeSoft Linux Mandrake 9.0 + MandrakeSoft Linux Mandrake 8.2 ppc + MandrakeSoft Linux Mandrake 8.2 ppc + MandrakeSoft Linux Mandrake 8.2 + MandrakeSoft Linux Mandrake 8.2 + MandrakeSoft Linux Mandrake 8.1 ia64 + MandrakeSoft Linux Mandrake 8.1 ia64 + MandrakeSoft Linux Mandrake 8.1 + MandrakeSoft Linux Mandrake 8.1 + MandrakeSoft Linux Mandrake 8.0 ppc + MandrakeSoft Linux Mandrake 8.0 ppc + MandrakeSoft Linux Mandrake 8.0 + MandrakeSoft Linux Mandrake 8.0 + MandrakeSoft Linux Mandrake 7.2 + MandrakeSoft Linux Mandrake 7.2 + MandrakeSoft Linux Mandrake 7.1 + MandrakeSoft Linux Mandrake 7.1 + RedHat Desktop 3.0 + RedHat Desktop 3.0 + RedHat Enterprise Linux WS 3 + RedHat Enterprise Linux WS 3 + RedHat Enterprise Linux WS 2.1 IA64 + RedHat Enterprise Linux WS 2.1 IA64 + RedHat Enterprise Linux WS 2.1 + RedHat Enterprise Linux WS 2.1 + RedHat Enterprise Linux ES 3 + RedHat Enterprise Linux ES 3 + RedHat Enterprise Linux ES 2.1 IA64 + RedHat Enterprise Linux ES 2.1 IA64 + RedHat Enterprise Linux ES 2.1 + RedHat Enterprise Linux ES 2.1 + RedHat Enterprise Linux AS 3 + RedHat Enterprise Linux AS 3 + RedHat Enterprise Linux AS 2.1 IA64 + RedHat Enterprise Linux AS 2.1 IA64 + RedHat Enterprise Linux AS 2.1 + RedHat Enterprise Linux AS 2.1 + RedHat Linux 8.0 i386 + RedHat Linux 8.0 i386 + RedHat Linux 8.0 + RedHat Linux 8.0 + RedHat Linux 7.3 i386 + RedHat Linux 7.3 i386 + RedHat Linux 7.3 + RedHat Linux 7.3 + RedHat Linux 7.2 ia64 + RedHat Linux 7.2 ia64 + RedHat Linux 7.2 i386 + RedHat Linux 7.2 i386 + RedHat Linux 7.2 + RedHat Linux 7.2 + RedHat Linux 7.1 ia64 + RedHat Linux 7.1 ia64 + RedHat Linux 7.1 i386 + RedHat Linux 7.1 i386 + RedHat Linux 7.1 alpha + RedHat Linux 7.1 alpha + RedHat Linux 7.1 + RedHat Linux 7.1 + RedHat Linux 7.0 i386 + RedHat Linux 7.0 i386 + RedHat Linux 7.0 alpha + RedHat Linux 7.0 alpha + RedHat Linux 7.0 + RedHat Linux 7.0 + RedHat Linux Advanced Work Station 2.1 + RedHat Linux Advanced Work Station 2.1 RedHat Enterprise Linux Desktop Workstation v. 5 client RedHat Enterprise Linux Desktop v.5 client RedHat Enterprise Linux WS 5 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 IA64 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux v. 5 server RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux ES 2.1 IA64 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux AS 2.1 IA64 RedHat Enterprise Linux AS 2.1 RedHat Desktop 4.0 RedHat Desktop 3.0 RedHat Advanced Workstation for the Itanium Processor 2.1 IA64 RedHat Advanced Workstation for the Itanium Processor 2.1 Poppler poppler 0.5.4 KDE KOffice 1.6.3 KDE KOffice 1.6.1 KDE KOffice 1.6 KDE KOffice 1.5.91 KDE KOffice 1.5.2 KDE KOffice 1.5 KDE KOffice 1.4.2 KDE KOffice 1.4.1 KDE KOffice 1.4 KDE KOffice 1.3.5 KDE KOffice 1.3.4 KDE KOffice 1.3.3 + MandrakeSoft Linux Mandrake 10.1 x86_64 + MandrakeSoft Linux Mandrake 10.1 KDE KOffice 1.3.2 KDE KOffice 1.3.1 KDE KOffice 1.3 beta3 KDE KOffice 1.3 beta2 KDE KOffice 1.3 beta1 KDE KOffice 1.3 + MandrakeSoft Linux Mandrake 10.0 AMD64 + MandrakeSoft Linux Mandrake 10.0 KDE KOffice 1.2.92 KDE KOffice 1.2.1 KDE KOffice 1.2 KDE KDE 3.5.8 KDE KDE 3.5.7 KDE KDE 3.5.6 KDE KDE 3.5.5 KDE KDE 3.5.4 KDE KDE 3.5.3 KDE KDE 3.5.2 KDE KDE 3.5.1 KDE KDE 3.5 KDE KDE 3.4.3 - Gentoo Linux KDE KDE 3.4.2 KDE KDE 3.4.1 + RedHat Fedora Core4 + RedHat Fedora Core4 KDE KDE 3.4 KDE KDE 3.4 KDE KDE 3.3.2 + Debian Linux 3.1 sparc + Debian Linux 3.1 sparc + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 s/390 + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 ppc + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mipsel + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 mips + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 m68k + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 hppa + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 arm + Debian Linux 3.1 arm + Debian Linux 3.1 amd64 + Debian Linux 3.1 amd64 + Debian Linux 3.1 amd64 + Debian Linux 3.1 alpha + Debian Linux 3.1 alpha + Debian Linux 3.1 alpha + Debian Linux 3.1 + Debian Linux 3.1 + Debian Linux 3.1 KDE KDE 3.3.2 KDE KDE 3.3.1 + RedHat Fedora Core3 + RedHat Fedora Core3 KDE KDE 3.3 KDE KDE 3.2.3 KDE KDE 3.2.2 + KDE KDE 3.2.2 + RedHat Fedora Core2 KDE KDE 3.2.1 KDE KDE 3.2 GNOME GPdf 2.8.3 GNOME GPdf 2.8.2 + RedHat Fedora Core3 + RedHat Fedora Core2 GNOME GPdf 2.8 Easy Software Products CUPS 1.1.17 + RedHat Desktop 3.0 + RedHat Enterprise Linux WS 3 + RedHat Enterprise Linux ES 3 + RedHat Enterprise Linux AS 3 厂商解决方案 补丁下载: Xpdf Xpdf 3.02pl1 Xpdf xpdf-3.02pl2.patch <a href="ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl2.patch" target="_blank">ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl2.patch</a> KDE KOffice 1.6.3 KDE koffice-1.6.3-xpdf2-CVE-2007-4352-5392-5393.diff <a href="ftp://ftp.kde.org/pub/kde/security_patches/koffice-1.6.3-xpdf2-CVE-200" target="_blank">ftp://ftp.kde.org/pub/kde/security_patches/koffice-1.6.3-xpdf2-CVE-200</a> 7-4352-5392-5393.diff KDE KDE 3.5.5 KDE post-3.5.5-kdegraphics-CVE-2007-5393.diff <a href="ftp://ftp.kde.org/pub/kde/security_patches/post-3.5.5-kdegraphics-CVE-" target="_blank">ftp://ftp.kde.org/pub/kde/security_patches/post-3.5.5-kdegraphics-CVE-</a> 2007-5393.diff KDE KDE 3.5.6 KDE post-3.5.5-kdegraphics-CVE-2007-5393.diff <a href="ftp://ftp.kde.org/pub/kde/security_patches/post-3.5.5-kdegraphics-CVE-" target="_blank">ftp://ftp.kde.org/pub/kde/security_patches/post-3.5.5-kdegraphics-CVE-</a> 2007-5393.diff KDE KDE 3.5.7 KDE post-3.5.5-kdegraphics-CVE-2007-5393.diff <a href="ftp://ftp.kde.org/pub/kde/security_patches/post-3.5.5-kdegraphics-CVE-" target="_blank">ftp://ftp.kde.org/pub/kde/security_patches/post-3.5.5-kdegraphics-CVE-</a> 2007-5393.diff KDE KDE 3.5.8 KDE post-3.5.8-kdegraphics-kpdf.diff <a href="ftp://ftp.kde.org/pub/kde/security_patches/post-3.5.8-kdegraphics-kpdf.diff" target="_blank">ftp://ftp.kde.org/pub/kde/security_patches/post-3.5.8-kdegraphics-kpdf.diff</a>
idSSV:2409
last seen2017-11-19
modified2007-11-11
published2007-11-11
reporterRoot
titleXpdf多个远程Stream.CC漏洞

References