CVE-2007-4352

Upstream information

CVE-2007-4352 at MITRE

Description

Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.

SUSE information

Overall state of this security issue: Ignore

This issue is currently rated as having important severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	7.6
Vector	AV:N/AC:H/Au:N/C:C/I:C/A:C
Access Vector	Network
Access Complexity	High
Authentication	None
Confidentiality Impact	Complete
Integrity Impact	Complete
Availability Impact	Complete

SUSE Bugzilla entry: 335637 [RESOLVED / FIXED]

SUSE Security Advisories:

SUSE-SA:2007:060, published Wed, 14 Nov 2007 16:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Server 11 SP1	`cups >= 1.3.9-8.30.1` `cups-client >= 1.3.9-8.30.1` `cups-libs >= 1.3.9-8.30.1` `cups-libs-32bit >= 1.3.9-8.30.1` `cups-libs-x86 >= 1.3.9-8.30.1` `libpoppler-glib4 >= 0.12.3-1.2.44` `libpoppler-qt4-3 >= 0.12.3-1.2.44` `libpoppler5 >= 0.12.3-1.2.44` `poppler-tools >= 0.12.3-1.2.44` `xpdf-tools >= 3.02-138.26.1`
SUSE Linux Enterprise Server 11 SP2	`cups >= 1.3.9-8.44.1` `cups-client >= 1.3.9-8.44.1` `cups-libs >= 1.3.9-8.44.1` `cups-libs-32bit >= 1.3.9-8.44.1` `cups-libs-x86 >= 1.3.9-8.44.1` `libpoppler-glib4 >= 0.12.3-1.3.1` `libpoppler-qt4-3 >= 0.12.3-1.3.1` `libpoppler5 >= 0.12.3-1.3.1` `poppler-tools >= 0.12.3-1.3.1`
SUSE Linux Enterprise Server 11 SP3	`cups >= 1.3.9-8.46.46.1` `cups-client >= 1.3.9-8.46.46.1` `cups-libs >= 1.3.9-8.46.46.1` `cups-libs-32bit >= 1.3.9-8.46.46.1` `cups-libs-x86 >= 1.3.9-8.46.46.1` `libpoppler-glib4 >= 0.12.3-1.8.1` `libpoppler-qt4-3 >= 0.12.3-1.8.1` `libpoppler5 >= 0.12.3-1.8.1` `poppler-tools >= 0.12.3-1.8.1`
SUSE Linux Enterprise Server 11 SP4	`cups >= 1.3.9-8.46.56.1` `cups-client >= 1.3.9-8.46.56.1` `cups-libs >= 1.3.9-8.46.56.1` `cups-libs-32bit >= 1.3.9-8.46.56.1` `cups-libs-x86 >= 1.3.9-8.46.56.1` `libpoppler-glib4 >= 0.12.3-1.10.1` `libpoppler-qt4-3 >= 0.12.3-1.10.1` `libpoppler5 >= 0.12.3-1.10.1` `poppler-tools >= 0.12.3-1.10.1`
SUSE Linux Enterprise Software Development Kit 11 SP4	`cups-devel >= 1.3.9-8.46.56.1` `libpoppler-devel >= 0.12.3-1.10.1` `libpoppler-glib-devel >= 0.12.3-1.10.1` `libpoppler-qt2 >= 0.12.3-1.10.1` `libpoppler-qt3-devel >= 0.12.3-1.10.1` `libpoppler-qt4-devel >= 0.12.3-1.10.1` `poppler-tools >= 0.12.3-1.10.1`
SUSE LINUX 10.0	`gpdf >= 2.10.0-12.9`
SUSE LINUX 10.1	`gpdf >= 2.10.0-40.5`
SUSE LINUX 10.0	`cups >= 1.1.23-21.16` `cups-client >= 1.1.23-21.16` `cups-devel >= 1.1.23-21.16` `cups-libs >= 1.1.23-21.16` `cups-libs-32bit >= 1.1.23-21.16` `cups-libs-64bit >= 1.1.23-21.16`
SUSE LINUX 10.1	`cups >= 1.1.23-40.32` `cups-client >= 1.1.23-40.32` `cups-devel >= 1.1.23-40.32` `cups-libs >= 1.1.23-40.32` `cups-libs-32bit >= 1.1.23-40.32` `cups-libs-64bit >= 1.1.23-40.32`
SLES SDK 9 for IBM S/390 and IBM zSeries SLES SDK 9 for IBM iSeries and IBM pSeries SLES SDK 9 for IBM zSeries SLES SDK 9 for IPF SLES SDK 9 for X86-64 SLES SDK 9 for x86	`xpdf >= 3.00-64.46` `xpdf-config >= 3.00-64.46`	core9.s390 core9.x86 sled10.x86 sles10.s390x ZYPP Patch Nr: 4644
SUSE LINUX 10.0	`pdftohtml >= 0.36-130.9`
SUSE LINUX 10.1	`pdftohtml >= 0.36-145.7`
SUSE LINUX 10.0	`poppler >= 0.4.2-3.11` `poppler-devel >= 0.4.2-3.11` `poppler-glib >= 0.4.2-3.11` `poppler-qt >= 0.4.2-3.11`
SUSE LINUX 10.1	`poppler >= 0.4.4-19.15` `poppler-devel >= 0.4.4-19.15` `poppler-glib >= 0.4.4-19.15` `poppler-qt >= 0.4.4-19.15`
SUSE LINUX 10.0	`koffice >= 1.4.1-10.8` `koffice-database >= 1.4.1-10.8` `koffice-devel >= 1.4.1-10.8` `koffice-extra >= 1.4.1-10.8` `koffice-illustration >= 1.4.1-10.8` `koffice-presentation >= 1.4.1-10.8` `koffice-spreadsheet >= 1.4.1-10.8` `koffice-wordprocessing >= 1.4.1-10.8`
SUSE LINUX 10.1	`koffice >= 1.4.2-25.6` `koffice-database >= 1.4.2-25.6` `koffice-devel >= 1.4.2-25.6` `koffice-extra >= 1.4.2-25.6` `koffice-illustration >= 1.4.2-25.6` `koffice-presentation >= 1.4.2-25.6` `koffice-spreadsheet >= 1.4.2-25.6` `koffice-wordprocessing >= 1.4.2-25.6`
SUSE LINUX 10.0	`libextractor >= 0.5.2-3.11` `libextractor-devel >= 0.5.2-3.11`
SUSE LINUX 10.1	`libextractor >= 0.5.10-12.8` `libextractor-devel >= 0.5.10-12.8`
SUSE LINUX 10.0	`xpdf >= 3.00-92.12` `xpdf-config >= 3.00-92.12`
SUSE LINUX 10.1	`xpdf >= 3.01-21.13` `xpdf-tools >= 3.01-21.13`
SuSE Linux Desktop 1.0	`koffice >= 1.2.1-216` `koffice-extra >= 1.2.1-216` `koffice-illustration >= 1.2.1-216` `koffice-presentation >= 1.2.1-216` `koffice-spreadsheet >= 1.2.1-216` `koffice-wordprocessing >= 1.2.1-216`	Builds
SUSE LINUX Retail Solution 8 SuSE Linux Desktop 1.0 SuSE Linux Enterprise Server 8 for AMD64 SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries SuSE Linux Enterprise Server 8 for IBM zSeries SuSE Linux Enterprise Server 8 for IPF SuSE Linux Openexchange Server 4 SuSE Linux School Server for i386 SuSE Linux Standard Server 8 UnitedLinux 1.0	`cups >= 1.1.15-208` `cups-client >= 1.1.15-208` `cups-devel >= 1.1.15-208` `cups-libs >= 1.1.15-208`	sles10.s390x sles9-oes.x86 slrs8.x86 core9.s390 sled10.x86 ul1.s390 ZYPP Patch Nr: 4667
Novell Linux Desktop 9 for x86 Open Enterprise Server	`cups >= 1.1.20-108.44` `cups-client >= 1.1.20-108.44` `cups-devel >= 1.1.20-108.44` `cups-libs >= 1.1.20-108.44`	sles10.s390x sles9-oes.x86 slrs8.x86 core9.s390 sled10.x86 ul1.s390 ZYPP Patch Nr: 4667
Novell Linux Desktop 9 for x86_64	`cups >= 1.1.20-108.44` `cups-client >= 1.1.20-108.44` `cups-devel >= 1.1.20-108.44` `cups-libs >= 1.1.20-108.44` `cups-libs-32bit >= 9-200711080439`	sles10.s390x sles9-oes.x86 slrs8.x86 core9.s390 sled10.x86 ul1.s390 ZYPP Patch Nr: 4667