CVE-2007-5393

Description

Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.

Category

CVSS 2.0 score: 9.3 (Severity: Critical)
EPSS: 9.52% (Top 10%)
Affected: n/a n/a
Published at:
Updated at:

References

Link Tags
http://secunia.com/advisories/27579 third party advisory vendor advisory
http://www.novell.com/linux/security/advisories/2007_60_pdf.html vendor advisory
http://secunia.com/advisories/27632 third party advisory
http://secunia.com/advisories/27743 third party advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:222 vendor advisory
http://www.vupen.com/english/advisories/2007/3774 vdb entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/38304 vdb entry
http://secunia.com/advisories/27260 third party advisory patch vendor advisory
http://secunia.com/advisories/27856 third party advisory
http://support.novell.com/techcenter/psdb/da3498f05433976cc548cc4eaf8349c8.html
http://secunia.com/advisories/27636 third party advisory
http://secunia.com/advisories/29604 third party advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:223 vendor advisory
http://secunia.com/advisories/27721 third party advisory
http://secunia.com/advisories/27724 third party advisory
http://www.vupen.com/english/advisories/2007/3776 vdb entry
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00224.html vendor advisory
http://secunia.com/advisories/27577 third party advisory vendor advisory
http://secunia.com/advisories/29104 third party advisory
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00215.html vendor advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9839 vdb entry signature
http://secunia.com/advisories/27618 third party advisory
http://secunia.com/advisories/27642 third party advisory
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00369.html vendor advisory
http://secunia.com/advisories/27656 third party advisory
http://secunia.com/secunia_research/2007-88/advisory/ vendor advisory
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00238.html vendor advisory
http://support.novell.com/techcenter/psdb/1d5fd29802b2ef7e342e733731f1e933.html
http://www.redhat.com/support/errata/RHSA-2007-1026.html vendor advisory
http://www.debian.org/security/2008/dsa-1509 vendor advisory
http://www.redhat.com/support/errata/RHSA-2007-1022.html vendor advisory
http://secunia.com/advisories/27573 third party advisory vendor advisory
http://www.redhat.com/support/errata/RHSA-2007-1029.html vendor advisory
http://secunia.com/advisories/27641 third party advisory
http://security.gentoo.org/glsa/glsa-200805-13.xml vendor advisory
http://secunia.com/advisories/28812 third party advisory
http://www.debian.org/security/2008/dsa-1537 vendor advisory
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html vendor advisory
http://www.redhat.com/support/errata/RHSA-2007-1031.html vendor advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-476.htm
http://secunia.com/advisories/27772 third party advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882 vendor advisory
http://www.securityfocus.com/bid/26367 vdb entry
http://secunia.com/advisories/27615 third party advisory
http://www.redhat.com/support/errata/RHSA-2007-1021.html vendor advisory
http://www.vupen.com/english/advisories/2007/3786 vdb entry
http://secunia.com/advisories/27645 third party advisory
http://www.securityfocus.com/archive/1/483372 mailing list
http://secunia.com/advisories/30168 third party advisory
http://secunia.com/advisories/27574 third party advisory
https://issues.rpath.com/browse/RPL-1926
http://secunia.com/advisories/26503 third party advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:219 vendor advisory
http://www.debian.org/security/2008/dsa-1480 vendor advisory
http://security.gentoo.org/glsa/glsa-200711-22.xml vendor advisory
http://secunia.com/advisories/27634 third party advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:227 vendor advisory
http://www.kde.org/info/security/advisory-20071107-1.txt
http://secunia.com/advisories/28043 third party advisory
http://secunia.com/advisories/27619 third party advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:220 vendor advisory
http://secunia.com/advisories/27705 third party advisory
http://secunia.com/advisories/27578 third party advisory vendor advisory
http://secunia.com/advisories/27640 third party advisory
http://support.novell.com/techcenter/psdb/43ad7b3569dba59e7ba07677edc01cad.html
http://www.redhat.com/support/errata/RHSA-2007-1023.html vendor advisory
http://support.novell.com/techcenter/psdb/3867a5092daac43cd6a92e6107d9fbce.html
http://secunia.com/advisories/27718 third party advisory
http://security.gentoo.org/glsa/glsa-200711-34.xml vendor advisory
http://secunia.com/advisories/27599 third party advisory
http://secunia.com/advisories/27575 third party advisory vendor advisory
http://www.redhat.com/support/errata/RHSA-2007-1028.html vendor advisory
http://www.securitytracker.com/id?1018905 vdb entry
http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html vendor advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:228 vendor advisory
http://www.vupen.com/english/advisories/2007/3775 vdb entry
http://www.redhat.com/support/errata/RHSA-2007-1027.html vendor advisory
http://www.redhat.com/support/errata/RHSA-2007-1030.html vendor advisory
http://www.ubuntu.com/usn/usn-542-1 vendor advisory
http://secunia.com/advisories/27658 third party advisory
http://www.redhat.com/support/errata/RHSA-2007-1024.html vendor advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:230 vendor advisory
http://www.ubuntu.com/usn/usn-542-2 vendor advisory
http://www.redhat.com/support/errata/RHSA-2007-1025.html vendor advisory
http://www.vupen.com/english/advisories/2007/3779 vdb entry
http://www.debian.org/security/2007/dsa-1408 vendor advisory
http://www.redhat.com/support/errata/RHSA-2007-1051.html vendor advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:221 vendor advisory
http://secunia.com/advisories/27553 third party advisory vendor advisory
http://secunia.com/advisories/27637 third party advisory

Frequently Asked Questions

What is the severity of CVE-2007-5393?
CVE-2007-5393 has been scored as a critical severity vulnerability.
How to fix CVE-2007-5393?
To fix CVE-2007-5393, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. For now, no other specific guidelines are available.
Is CVE-2007-5393 being actively exploited in the wild?
Based on public information, it is possible that CVE-2007-5393 is being exploited or will be exploited in the near future. According to its EPSS score, there is a ~10% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.