CVE-2007-4352

描述

Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.

受影響套件(9)

• Debian/cupsfrom 0, < 1.1.22-7
• Debian/kdegraphicsfrom 0, < 4:3.5.7-4+lenny1
• Debian/kofficefrom 0, < 1:1.6.3-3+lenny1
• Debian/kofficefrom 0, < 1:1.6.1-2etch2
• Debian/libextractorfrom 0, < 0.5.12-1
• Debian/popplerfrom 0, < 0.6.2-1
• Debian/popplerfrom 0, < 0.4.5-5.1etch2
• Debian/xpdffrom 0, < 3.01-9.1+etch2
• Debian/xpdffrom 0, < 3.02-1.3

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2007-4352