|
|
|
Credit:
The information has been provided by Secunia Research.
The original article can be found at: http://secunia.com/secunia_research/2007-88/
|
|
Vulnerable Systems:
* Xpdf version 3.02 with xpdf-3.02pl1.patch
1) An array indexing error within the "DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc can be exploited to corrupt memory via a specially crafted PDF file.
2) An integer overflow error within the "DCTStream::reset()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.
3) A boundary error within the "CCITTFaxStream::lookChar()" method in xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow by tricking a user into opening a PDF file containing a specially crafted "CCITTFaxDecode" filter.
Successful exploitation may allow execution of arbitrary code.
Time Table:
17/10/2007 - Vendor notified.
22/10/2007 - vendor-sec notified.
19/10/2007 - Vendor response.
07/11/2007 - Public disclosure.
CVE Information:
CVE-2007-4352, CVE-2007-5392 and CVE-2007-5393
|
|
|
|