This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Xpdf First view 2006-03-15
Product Xpdf Last view 2007-11-07
Version 3.0.1_pl1 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:xpdf:xpdf

Activity : Overall

Related : CVE

  Date Alert Description
9.3 2007-11-07 CVE-2007-5392

Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.

7.6 2007-11-07 CVE-2007-4352

Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.

6.8 2007-01-08 CVE-2007-0104

The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.

7.6 2006-03-15 CVE-2006-1244

Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
50% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
39542 Xpdf xpdf/Stream.cc DCTStream::reset Method PDF Handling Memory Corruption
39541 Xpdf xpdf/Stream.cc DCTStream::readProgressiveDataUnit Method PDF Handling Me...
32871 Multiple Products Adobe PDF Specification Invalid Tree Node DoS
32870 Multiple Products Adobe PDF Specification Malformed Catalog Dictionary DoS
23834 Multiple Products Xpdf/kpdf Multiple Unspecified Issues

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2009-10-13 Name : SLES10: Security update for xpdf
File : nvt/sles10_xpdf1.nasl
2009-10-13 Name : SLES10: Security update for kdegraphics3-pdf
File : nvt/sles10_kdegraphics3-pd.nasl
2009-10-10 Name : SLES9: Security update for Cups
File : nvt/sles9p5016608.nasl
2009-10-10 Name : SLES9: Security update for cups
File : nvt/sles9p5011363.nasl
2009-04-09 Name : Mandriva Update for kdegraphics MDKSA-2007:024 (kdegraphics)
File : nvt/gb_mandriva_MDKSA_2007_024.nasl
2009-04-09 Name : Mandriva Update for koffice MDKSA-2007:018 (koffice)
File : nvt/gb_mandriva_MDKSA_2007_018.nasl
2009-04-09 Name : Mandriva Update for pdftohtml MDKSA-2007:019 (pdftohtml)
File : nvt/gb_mandriva_MDKSA_2007_019.nasl
2009-04-09 Name : Mandriva Update for poppler MDKSA-2007:020 (poppler)
File : nvt/gb_mandriva_MDKSA_2007_020.nasl
2009-04-09 Name : Mandriva Update for xpdf MDKSA-2007:021 (xpdf)
File : nvt/gb_mandriva_MDKSA_2007_021.nasl
2009-04-09 Name : Mandriva Update for tetex MDKSA-2007:022 (tetex)
File : nvt/gb_mandriva_MDKSA_2007_022.nasl
2009-04-09 Name : Mandriva Update for xpdf MDKSA-2007:219 (xpdf)
File : nvt/gb_mandriva_MDKSA_2007_219.nasl
2009-04-09 Name : Mandriva Update for kdegraphics MDKSA-2007:221 (kdegraphics)
File : nvt/gb_mandriva_MDKSA_2007_221.nasl
2009-04-09 Name : Mandriva Update for koffice MDKSA-2007:222 (koffice)
File : nvt/gb_mandriva_MDKSA_2007_222.nasl
2009-04-09 Name : Mandriva Update for poppler MDKSA-2007:227 (poppler)
File : nvt/gb_mandriva_MDKSA_2007_227.nasl
2009-04-09 Name : Mandriva Update for cups MDKSA-2007:228 (cups)
File : nvt/gb_mandriva_MDKSA_2007_228.nasl
2009-04-09 Name : Mandriva Update for pdftohtml MDKSA-2007:223 (pdftohtml)
File : nvt/gb_mandriva_MDKSA_2007_223.nasl
2009-04-09 Name : Mandriva Update for tetex MDKSA-2007:230 (tetex)
File : nvt/gb_mandriva_MDKSA_2007_230.nasl
2009-03-23 Name : Ubuntu Update for kdegraphics, koffice, poppler vulnerability USN-410-1
File : nvt/gb_ubuntu_USN_410_1.nasl
2009-03-23 Name : Ubuntu Update for tetex-bin vulnerability USN-410-2
File : nvt/gb_ubuntu_USN_410_2.nasl
2009-03-23 Name : Ubuntu Update for poppler vulnerabilities USN-542-1
File : nvt/gb_ubuntu_USN_542_1.nasl
2009-03-23 Name : Ubuntu Update for koffice vulnerabilities USN-542-2
File : nvt/gb_ubuntu_USN_542_2.nasl
2009-02-27 Name : Fedora Update for kdegraphics FEDORA-2007-3001
File : nvt/gb_fedora_2007_3001_kdegraphics_fc8.nasl
2009-02-27 Name : Fedora Update for xpdf FEDORA-2007-3014
File : nvt/gb_fedora_2007_3014_xpdf_fc8.nasl
2009-02-27 Name : Fedora Update for xpdf FEDORA-2007-3031
File : nvt/gb_fedora_2007_3031_xpdf_fc7.nasl
2009-02-27 Name : Fedora Update for koffice FEDORA-2007-3059
File : nvt/gb_fedora_2007_3059_koffice_fc7.nasl

Snort® IPS/IDS

Date Description
2014-01-10 Adobe Acrobat Reader PDF Catalog Handling denial of service attempt
RuleID : 17361 - Type : FILE-PDF - Revision : 16

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2007-1022.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2007-1024.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2007-1025.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2007-1026.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2007-1030.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2007-1029.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2007-1027.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20071112_kdegraphics_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20071108_tetex_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing a security update.
File: sl_20071107_xpdf_on_SL4_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20071107_poppler_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing a security update.
File: sl_20071107_gpdf_on_SL4_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20071107_cups_on_SL5_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20071107_cups_on_SL4_x.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 9 host is missing a security-related patch.
File: suse9_11965.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2007-222.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2007-221.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2007-1022.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2007-219.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2007-227.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2007-1022.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2007-1025.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2007-1029.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2007-1030.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2007-1029.nasl - Type: ACT_GATHER_INFO