National Cyber-Alert System

Vulnerability Summary for CVE-2007-0104

Overview

The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

Vendor Statments (disclaimer)

Official Statement from Red Hat (01/15/2007)

Not Vulnerable. This flaw is the result of an infinite recursion flaw in xpdf, which cannot result in arbitrary code execution.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Technical Alert: TA07-072A

Name: TA07-072A

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA07-072A.html

External Source: CONFIRM

Name: https://issues.rpath.com/browse/RPL-964

Hyperlink:https://issues.rpath.com/browse/RPL-964

External Source: XF

Name: multiple-vendor-pdf-code-execution(31364)

Hyperlink:http://xforce.iss.net/xforce/xfdb/31364

External Source: UBUNTU

Name: USN-410-2

Hyperlink:http://www.ubuntu.com/usn/usn-410-2

External Source: UBUNTU

Name: USN-410-1

Hyperlink:http://www.ubuntu.com/usn/usn-410-1

External Source: SECTRACK

Name: 1017749

Hyperlink:http://www.securitytracker.com/id?1017749

External Source: BID

Name: 21910

Hyperlink:http://www.securityfocus.com/bid/21910

External Source: BUGTRAQ

Name: 20070116 [KDE Security Advisory] kpdf/kword/xpdf denial of service vulnerability

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/457055/100/0/threaded

External Source: SUSE

Name: SUSE-SR:2007:003

Hyperlink:http://www.novell.com/linux/security/advisories/2007_3_sr.html

External Source: MANDRIVA

Name: MDKSA-2007:024

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:024

External Source: MANDRIVA

Name: MDKSA-2007:022

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:022

External Source: MANDRIVA

Name: MDKSA-2007:021

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:021

External Source: MANDRIVA

Name: MDKSA-2007:020

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:020

External Source: MANDRIVA

Name: MDKSA-2007:019

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:019

External Source: MANDRIVA

Name: MDKSA-2007:018

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:018

External Source: CONFIRM

Name: http://www.kde.org/info/security/advisory-20070115-1.txt

Hyperlink:http://www.kde.org/info/security/advisory-20070115-1.txt

External Source: VUPEN

Name: ADV-2007-0930

Hyperlink:http://www.frsirt.com/english/advisories/2007/0930

External Source: VUPEN

Name: ADV-2007-0244

Hyperlink:http://www.frsirt.com/english/advisories/2007/0244

External Source: VUPEN

Name: ADV-2007-0212

Hyperlink:http://www.frsirt.com/english/advisories/2007/0212

External Source: VUPEN

Name: ADV-2007-0203

Hyperlink:http://www.frsirt.com/english/advisories/2007/0203

External Source: CONFIRM

Name: http://support.novell.com/techcenter/psdb/44d7cb9b669d58e0ce5aa5d7ab2c7c53.html

Hyperlink:http://support.novell.com/techcenter/psdb/44d7cb9b669d58e0ce5aa5d7ab2c7c53.html

External Source: SECTRACK

Name: 1017514

Hyperlink:http://securitytracker.com/id?1017514

External Source: SECUNIA

Name: 24479

Hyperlink:http://secunia.com/advisories/24479

External Source: SECUNIA

Name: 24204

Hyperlink:http://secunia.com/advisories/24204

External Source: SECUNIA

Name: 23876

Hyperlink:http://secunia.com/advisories/23876

External Source: SECUNIA

Name: 23844

Hyperlink:http://secunia.com/advisories/23844

External Source: SECUNIA

Name: 23839

Hyperlink:http://secunia.com/advisories/23839

External Source: SECUNIA

Name: 23815

Hyperlink:http://secunia.com/advisories/23815

External Source: SECUNIA

Name: 23813

Hyperlink:http://secunia.com/advisories/23813

External Source: SECUNIA

Name: 23808

Hyperlink:http://secunia.com/advisories/23808

External Source: SECUNIA

Name: 23799

Hyperlink:http://secunia.com/advisories/23799

External Source: SECUNIA

Name: 23791

Hyperlink:http://secunia.com/advisories/23791

External Source: MISC

Name: http://projects.info-pull.com/moab/MOAB-06-01-2007.html

Hyperlink:http://projects.info-pull.com/moab/MOAB-06-01-2007.html

External Source: MANDRIVA

Name: MDKSA-2007:024

Hyperlink:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:024

External Source: MANDRIVA

Name: MDKSA-2007:021

Hyperlink:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:021

External Source: MANDRIVA

Name: MDKSA-2007:019

Hyperlink:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:019

External Source: CONFIRM

Name: http://docs.info.apple.com/article.html?artnum=305214

Hyperlink:http://docs.info.apple.com/article.html?artnum=305214