CVE-2007-4352

Description

Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.

CVSS 2.0 score: 7.6 (Severity: High)
EPSS: 21.67% (Top 5%)
Affected: n/a n/a

References

Link Tags
http://www.novell.com/linux/security/advisories/2007_60_pdf.html vendor advisory
http://secunia.com/advisories/27632 third party advisory
http://secunia.com/advisories/27743 third party advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:222 vendor advisory
http://www.vupen.com/english/advisories/2007/3774 vdb entry
http://secunia.com/advisories/27260 third party advisory patch vendor advisory
http://secunia.com/advisories/27856 third party advisory
http://support.novell.com/techcenter/psdb/da3498f05433976cc548cc4eaf8349c8.html
http://secunia.com/advisories/27636 third party advisory
http://secunia.com/advisories/29604 third party advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:223 vendor advisory
http://secunia.com/advisories/27721 third party advisory
http://secunia.com/advisories/27724 third party advisory
http://www.vupen.com/english/advisories/2007/3776 vdb entry
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00224.html vendor advisory
http://secunia.com/advisories/27577 third party advisory
http://secunia.com/advisories/29104 third party advisory
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00215.html vendor advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/38306 vdb entry
http://secunia.com/advisories/27618 third party advisory
http://secunia.com/advisories/27642 third party advisory
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00369.html vendor advisory
http://secunia.com/advisories/27656 third party advisory
http://secunia.com/secunia_research/2007-88/advisory/ vendor advisory
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00238.html vendor advisory
http://support.novell.com/techcenter/psdb/1d5fd29802b2ef7e342e733731f1e933.html
http://www.redhat.com/support/errata/RHSA-2007-1026.html vendor advisory
http://www.debian.org/security/2008/dsa-1509 vendor advisory
http://www.redhat.com/support/errata/RHSA-2007-1022.html vendor advisory
http://secunia.com/advisories/27573 third party advisory
http://www.redhat.com/support/errata/RHSA-2007-1029.html vendor advisory
http://secunia.com/advisories/27641 third party advisory
http://security.gentoo.org/glsa/glsa-200805-13.xml vendor advisory
http://secunia.com/advisories/28812 third party advisory
http://www.debian.org/security/2008/dsa-1537 vendor advisory
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html vendor advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882 vendor advisory
http://www.securityfocus.com/bid/26367 vdb entry
http://secunia.com/advisories/27615 third party advisory
http://www.redhat.com/support/errata/RHSA-2007-1021.html vendor advisory
http://www.vupen.com/english/advisories/2007/3786 vdb entry
http://secunia.com/advisories/27645 third party advisory
http://www.securityfocus.com/archive/1/483372 mailing list
http://secunia.com/advisories/30168 third party advisory
http://secunia.com/advisories/27574 third party advisory
https://issues.rpath.com/browse/RPL-1926
http://secunia.com/advisories/26503 third party advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:219 vendor advisory
http://www.debian.org/security/2008/dsa-1480 vendor advisory
http://security.gentoo.org/glsa/glsa-200711-22.xml vendor advisory
http://secunia.com/advisories/27634 third party advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:227 vendor advisory
http://www.kde.org/info/security/advisory-20071107-1.txt
http://secunia.com/advisories/28043 third party advisory
http://secunia.com/advisories/27619 third party advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:220 vendor advisory
http://secunia.com/advisories/27705 third party advisory
http://secunia.com/advisories/27578 third party advisory
http://secunia.com/advisories/27640 third party advisory
http://support.novell.com/techcenter/psdb/43ad7b3569dba59e7ba07677edc01cad.html
http://support.novell.com/techcenter/psdb/3867a5092daac43cd6a92e6107d9fbce.html
http://security.gentoo.org/glsa/glsa-200711-34.xml vendor advisory
http://secunia.com/advisories/27599 third party advisory
http://secunia.com/advisories/27575 third party advisory
http://www.securitytracker.com/id?1018905 vdb entry
http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9979 vdb entry signature
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html vendor advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:228 vendor advisory
http://www.vupen.com/english/advisories/2007/3775 vdb entry
http://www.redhat.com/support/errata/RHSA-2007-1027.html vendor advisory
http://www.redhat.com/support/errata/RHSA-2007-1030.html vendor advisory
http://www.ubuntu.com/usn/usn-542-1 vendor advisory
http://secunia.com/advisories/27658 third party advisory
http://www.redhat.com/support/errata/RHSA-2007-1024.html vendor advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:230 vendor advisory
http://www.ubuntu.com/usn/usn-542-2 vendor advisory
http://www.redhat.com/support/errata/RHSA-2007-1025.html vendor advisory
http://www.vupen.com/english/advisories/2007/3779 vdb entry
http://www.mandriva.com/security/advisories?name=MDKSA-2007:221 vendor advisory
http://secunia.com/advisories/27553 third party advisory
http://secunia.com/advisories/27637 third party advisory

Frequently Asked Questions

What is the severity of CVE-2007-4352?
CVE-2007-4352 has been scored as a high severity vulnerability.
How to fix CVE-2007-4352?
To fix CVE-2007-4352, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. For now, no other specific guidelines are available.
Is CVE-2007-4352 being actively exploited in the wild?
Based on public information, it is possible that CVE-2007-4352 is being exploited or will be exploited in the near future. According to its EPSS score, there is a ~22% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.