CVE-2007-5392

Upstream information

CVE-2007-5392 at MITRE

Description

Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.

---

SUSE information

Overall state of this security issue: Ignore

This issue is currently rated as having critical severity.

CVSS v2 Scores

	National Vulnerability Database
Base Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	Complete
Integrity Impact	Complete
Availability Impact	Complete

SUSE Bugzilla entry: 335637 [RESOLVED / FIXED]

SUSE Security Advisories:

• SUSE-SA:2007:060, published Wed, 14 Nov 2007 16:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Server 11 SP1	cups >= 1.3.9-8.30.1 cups-client >= 1.3.9-8.30.1 cups-libs >= 1.3.9-8.30.1 cups-libs-32bit >= 1.3.9-8.30.1 cups-libs-x86 >= 1.3.9-8.30.1 libpoppler-glib4 >= 0.12.3-1.2.44 libpoppler-qt4-3 >= 0.12.3-1.2.44 libpoppler5 >= 0.12.3-1.2.44 poppler-tools >= 0.12.3-1.2.44	Patchnames: SUSE Linux Enterprise Server 11 SP1 GA cups SUSE Linux Enterprise Server 11 SP1 GA libpoppler-glib4
SUSE Linux Enterprise Server 11 SP2	cups >= 1.3.9-8.44.1 cups-client >= 1.3.9-8.44.1 cups-libs >= 1.3.9-8.44.1 cups-libs-32bit >= 1.3.9-8.44.1 cups-libs-x86 >= 1.3.9-8.44.1 libpoppler-glib4 >= 0.12.3-1.3.1 libpoppler-qt4-3 >= 0.12.3-1.3.1 libpoppler5 >= 0.12.3-1.3.1 poppler-tools >= 0.12.3-1.3.1	Patchnames: SUSE Linux Enterprise Server 11 SP2 GA cups SUSE Linux Enterprise Server 11 SP2 GA libpoppler-glib4
SUSE Linux Enterprise Server 11 SP3	cups >= 1.3.9-8.46.46.1 cups-client >= 1.3.9-8.46.46.1 cups-libs >= 1.3.9-8.46.46.1 cups-libs-32bit >= 1.3.9-8.46.46.1 cups-libs-x86 >= 1.3.9-8.46.46.1 libpoppler-glib4 >= 0.12.3-1.8.1 libpoppler-qt4-3 >= 0.12.3-1.8.1 libpoppler5 >= 0.12.3-1.8.1 poppler-tools >= 0.12.3-1.8.1	Patchnames: SUSE Linux Enterprise Server 11 SP3 GA cups SUSE Linux Enterprise Server 11 SP3 GA libpoppler-glib4
SUSE Linux Enterprise Server 11 SP4	cups >= 1.3.9-8.46.56.1 cups-client >= 1.3.9-8.46.56.1 cups-libs >= 1.3.9-8.46.56.1 cups-libs-32bit >= 1.3.9-8.46.56.1 cups-libs-x86 >= 1.3.9-8.46.56.1 libpoppler-glib4 >= 0.12.3-1.10.1 libpoppler-qt4-3 >= 0.12.3-1.10.1 libpoppler5 >= 0.12.3-1.10.1 poppler-tools >= 0.12.3-1.10.1	Patchnames: SUSE Linux Enterprise Server 11 SP4 GA cups SUSE Linux Enterprise Server 11 SP4 GA libpoppler-glib4
SUSE Linux Enterprise Software Development Kit 11 SP4	cups-devel >= 1.3.9-8.46.56.1 libpoppler-devel >= 0.12.3-1.10.1 libpoppler-glib-devel >= 0.12.3-1.10.1 libpoppler-qt2 >= 0.12.3-1.10.1 libpoppler-qt3-devel >= 0.12.3-1.10.1 libpoppler-qt4-devel >= 0.12.3-1.10.1 poppler-tools >= 0.12.3-1.10.1	Patchnames: SUSE Linux Enterprise Software Development Kit 11 SP4 GA cups-devel SUSE Linux Enterprise Software Development Kit 11 SP4 GA libpoppler-devel
SUSE LINUX 10.0	gpdf >= 2.10.0-12.9
SUSE LINUX 10.1	gpdf >= 2.10.0-40.5
SUSE LINUX 10.0	cups >= 1.1.23-21.16 cups-client >= 1.1.23-21.16 cups-devel >= 1.1.23-21.16 cups-libs >= 1.1.23-21.16 cups-libs-32bit >= 1.1.23-21.16 cups-libs-64bit >= 1.1.23-21.16
SUSE LINUX 10.1	cups >= 1.1.23-40.32 cups-client >= 1.1.23-40.32 cups-devel >= 1.1.23-40.32 cups-libs >= 1.1.23-40.32 cups-libs-32bit >= 1.1.23-40.32 cups-libs-64bit >= 1.1.23-40.32
SLES SDK 9 for IBM S/390 and IBM zSeries SLES SDK 9 for IBM iSeries and IBM pSeries SLES SDK 9 for IBM zSeries SLES SDK 9 for IPF SLES SDK 9 for X86-64 SLES SDK 9 for x86	xpdf >= 3.00-64.46 xpdf-config >= 3.00-64.46	core9.s390 core9.x86 sled10.x86 sles10.s390x ZYPP Patch Nr: 4644
SUSE LINUX 10.0	pdftohtml >= 0.36-130.9
SUSE LINUX 10.1	pdftohtml >= 0.36-145.7
SUSE LINUX 10.0	poppler >= 0.4.2-3.11 poppler-devel >= 0.4.2-3.11 poppler-glib >= 0.4.2-3.11 poppler-qt >= 0.4.2-3.11
SUSE LINUX 10.1	poppler >= 0.4.4-19.15 poppler-devel >= 0.4.4-19.15 poppler-glib >= 0.4.4-19.15 poppler-qt >= 0.4.4-19.15
SUSE LINUX 10.0	koffice >= 1.4.1-10.8 koffice-database >= 1.4.1-10.8 koffice-devel >= 1.4.1-10.8 koffice-extra >= 1.4.1-10.8 koffice-illustration >= 1.4.1-10.8 koffice-presentation >= 1.4.1-10.8 koffice-spreadsheet >= 1.4.1-10.8 koffice-wordprocessing >= 1.4.1-10.8
SUSE LINUX 10.1	koffice >= 1.4.2-25.6 koffice-database >= 1.4.2-25.6 koffice-devel >= 1.4.2-25.6 koffice-extra >= 1.4.2-25.6 koffice-illustration >= 1.4.2-25.6 koffice-presentation >= 1.4.2-25.6 koffice-spreadsheet >= 1.4.2-25.6 koffice-wordprocessing >= 1.4.2-25.6
SUSE LINUX 10.0	libextractor >= 0.5.2-3.11 libextractor-devel >= 0.5.2-3.11
SUSE LINUX 10.1	libextractor >= 0.5.10-12.8 libextractor-devel >= 0.5.10-12.8
SUSE LINUX 10.0	xpdf >= 3.00-92.12 xpdf-config >= 3.00-92.12
SUSE LINUX 10.1	xpdf >= 3.01-21.13 xpdf-tools >= 3.01-21.13
SuSE Linux Desktop 1.0	koffice >= 1.2.1-216 koffice-extra >= 1.2.1-216 koffice-illustration >= 1.2.1-216 koffice-presentation >= 1.2.1-216 koffice-spreadsheet >= 1.2.1-216 koffice-wordprocessing >= 1.2.1-216	Builds
SUSE LINUX Retail Solution 8 SuSE Linux Desktop 1.0 SuSE Linux Enterprise Server 8 for AMD64 SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries SuSE Linux Enterprise Server 8 for IBM zSeries SuSE Linux Enterprise Server 8 for IPF SuSE Linux Openexchange Server 4 SuSE Linux School Server for i386 SuSE Linux Standard Server 8 UnitedLinux 1.0	cups >= 1.1.15-208 cups-client >= 1.1.15-208 cups-devel >= 1.1.15-208 cups-libs >= 1.1.15-208	sles10.s390x sles9-oes.x86 slrs8.x86 core9.s390 sled10.x86 ul1.s390 ZYPP Patch Nr: 4667
Novell Linux Desktop 9 for x86 Open Enterprise Server	cups >= 1.1.20-108.44 cups-client >= 1.1.20-108.44 cups-devel >= 1.1.20-108.44 cups-libs >= 1.1.20-108.44	sles10.s390x sles9-oes.x86 slrs8.x86 core9.s390 sled10.x86 ul1.s390 ZYPP Patch Nr: 4667
Novell Linux Desktop 9 for x86_64	cups >= 1.1.20-108.44 cups-client >= 1.1.20-108.44 cups-devel >= 1.1.20-108.44 cups-libs >= 1.1.20-108.44 cups-libs-32bit >= 9-200711080439	sles10.s390x sles9-oes.x86 slrs8.x86 core9.s390 sled10.x86 ul1.s390 ZYPP Patch Nr: 4667