CVE-2007-4352

EPSS 25.5%

koffice - multiple vulnerabilities

Published: 11/8/2007Modified: 3/9/2026

Also known as:DSA-1509-1 DSA-1537-1DEBIAN-CVE-2007-4352

Description

Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.

Affected packages (9)

Debian/cupsfrom 0, < 1.1.22-7
Debian/kdegraphicsfrom 0, < 4:3.5.7-4+lenny1
Debian/kofficefrom 0, < 1:1.6.3-3+lenny1
Debian/kofficefrom 0, < 1:1.6.1-2etch2
Debian/libextractorfrom 0, < 0.5.12-1
Debian/popplerfrom 0, < 0.6.2-1
Debian/popplerfrom 0, < 0.4.5-5.1etch2
Debian/xpdffrom 0, < 3.01-9.1+etch2
Debian/xpdffrom 0, < 3.02-1.3

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2007-4352