CVE-2007-4352

N/A Unknown

Published: November 08, 2007 Modified: April 23, 2026

Description

Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://secunia.com/advisories/26503

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27260

Source: PSIRT-CNA@flexerasoftware.com

Patch Vendor Advisory

http://secunia.com/advisories/27553

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27573

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27574

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27575

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27577

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27578

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27599

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27615

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27618

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27619

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27632

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27634

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27636

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27637

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27640

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27641

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27642

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27645

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27656

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27658

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27705

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27721

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27724

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27743

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27856

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/28043

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/28812

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/29104

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/29604

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/30168

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/secunia_research/2007-88/advisory/

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200711-22.xml

Source: PSIRT-CNA@flexerasoftware.com

http://security.gentoo.org/glsa/glsa-200711-34.xml

Source: PSIRT-CNA@flexerasoftware.com

http://security.gentoo.org/glsa/glsa-200805-13.xml

Source: PSIRT-CNA@flexerasoftware.com

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882

Source: PSIRT-CNA@flexerasoftware.com

http://support.novell.com/techcenter/psdb/1d5fd29802b2ef7e342e733731f1e933.html

Source: PSIRT-CNA@flexerasoftware.com

http://support.novell.com/techcenter/psdb/3867a5092daac43cd6a92e6107d9fbce.html

Source: PSIRT-CNA@flexerasoftware.com

http://support.novell.com/techcenter/psdb/43ad7b3569dba59e7ba07677edc01cad.html

Source: PSIRT-CNA@flexerasoftware.com

http://support.novell.com/techcenter/psdb/da3498f05433976cc548cc4eaf8349c8.html

Source: PSIRT-CNA@flexerasoftware.com

http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.html

Source: PSIRT-CNA@flexerasoftware.com

http://www.debian.org/security/2008/dsa-1480

Source: PSIRT-CNA@flexerasoftware.com

http://www.debian.org/security/2008/dsa-1509

Source: PSIRT-CNA@flexerasoftware.com

http://www.debian.org/security/2008/dsa-1537

Source: PSIRT-CNA@flexerasoftware.com

http://www.kde.org/info/security/advisory-20071107-1.txt

Source: PSIRT-CNA@flexerasoftware.com

http://www.mandriva.com/security/advisories?name=MDKSA-2007:219

Source: PSIRT-CNA@flexerasoftware.com

http://www.mandriva.com/security/advisories?name=MDKSA-2007:220

Source: PSIRT-CNA@flexerasoftware.com

http://www.mandriva.com/security/advisories?name=MDKSA-2007:221

Source: PSIRT-CNA@flexerasoftware.com

http://www.mandriva.com/security/advisories?name=MDKSA-2007:222

Source: PSIRT-CNA@flexerasoftware.com

http://www.mandriva.com/security/advisories?name=MDKSA-2007:223

Source: PSIRT-CNA@flexerasoftware.com

http://www.mandriva.com/security/advisories?name=MDKSA-2007:227

Source: PSIRT-CNA@flexerasoftware.com

http://www.mandriva.com/security/advisories?name=MDKSA-2007:228

Source: PSIRT-CNA@flexerasoftware.com

http://www.mandriva.com/security/advisories?name=MDKSA-2007:230

Source: PSIRT-CNA@flexerasoftware.com

http://www.novell.com/linux/security/advisories/2007_60_pdf.html

Source: PSIRT-CNA@flexerasoftware.com

http://www.redhat.com/support/errata/RHSA-2007-1021.html

Source: PSIRT-CNA@flexerasoftware.com

http://www.redhat.com/support/errata/RHSA-2007-1022.html

Source: PSIRT-CNA@flexerasoftware.com

http://www.redhat.com/support/errata/RHSA-2007-1024.html

Source: PSIRT-CNA@flexerasoftware.com

http://www.redhat.com/support/errata/RHSA-2007-1025.html

Source: PSIRT-CNA@flexerasoftware.com

http://www.redhat.com/support/errata/RHSA-2007-1026.html

Source: PSIRT-CNA@flexerasoftware.com

http://www.redhat.com/support/errata/RHSA-2007-1027.html

Source: PSIRT-CNA@flexerasoftware.com

http://www.redhat.com/support/errata/RHSA-2007-1029.html

Source: PSIRT-CNA@flexerasoftware.com

http://www.redhat.com/support/errata/RHSA-2007-1030.html

Source: PSIRT-CNA@flexerasoftware.com

http://www.securityfocus.com/archive/1/483372

Source: PSIRT-CNA@flexerasoftware.com

http://www.securityfocus.com/bid/26367

Source: PSIRT-CNA@flexerasoftware.com

http://www.securitytracker.com/id?1018905

Source: PSIRT-CNA@flexerasoftware.com

http://www.ubuntu.com/usn/usn-542-1

Source: PSIRT-CNA@flexerasoftware.com

http://www.ubuntu.com/usn/usn-542-2

Source: PSIRT-CNA@flexerasoftware.com

http://www.vupen.com/english/advisories/2007/3774

Source: PSIRT-CNA@flexerasoftware.com

http://www.vupen.com/english/advisories/2007/3775

Source: PSIRT-CNA@flexerasoftware.com

http://www.vupen.com/english/advisories/2007/3776

Source: PSIRT-CNA@flexerasoftware.com

http://www.vupen.com/english/advisories/2007/3779

Source: PSIRT-CNA@flexerasoftware.com

http://www.vupen.com/english/advisories/2007/3786

Source: PSIRT-CNA@flexerasoftware.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/38306

Source: PSIRT-CNA@flexerasoftware.com

https://issues.rpath.com/browse/RPL-1926

Source: PSIRT-CNA@flexerasoftware.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9979

Source: PSIRT-CNA@flexerasoftware.com

https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00369.html

Source: PSIRT-CNA@flexerasoftware.com

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00215.html

Source: PSIRT-CNA@flexerasoftware.com

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00224.html

Source: PSIRT-CNA@flexerasoftware.com

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00238.html

Source: PSIRT-CNA@flexerasoftware.com

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html

Source: PSIRT-CNA@flexerasoftware.com

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/26503

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27260

Source: af854a3a-2127-422b-91ae-364da2661108

Patch Vendor Advisory

http://secunia.com/advisories/27553

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27573

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27574

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27575

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27577

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27578

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27599

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27615

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27618

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27619

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27632

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27634

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27636

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27637

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27640

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27641

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27642

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27645

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27656

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27658

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27705

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27721

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27724

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27743

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27856

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/28043

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/28812

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29104

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29604

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/30168

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/secunia_research/2007-88/advisory/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200711-22.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200711-34.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200805-13.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.novell.com/techcenter/psdb/1d5fd29802b2ef7e342e733731f1e933.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.novell.com/techcenter/psdb/3867a5092daac43cd6a92e6107d9fbce.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.novell.com/techcenter/psdb/43ad7b3569dba59e7ba07677edc01cad.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.novell.com/techcenter/psdb/da3498f05433976cc548cc4eaf8349c8.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2008/dsa-1480

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2008/dsa-1509

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2008/dsa-1537

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kde.org/info/security/advisory-20071107-1.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDKSA-2007:219

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDKSA-2007:220

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDKSA-2007:221

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDKSA-2007:222

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDKSA-2007:223

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDKSA-2007:227

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDKSA-2007:228

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDKSA-2007:230

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.novell.com/linux/security/advisories/2007_60_pdf.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2007-1021.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2007-1022.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2007-1024.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2007-1025.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2007-1026.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2007-1027.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2007-1029.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2007-1030.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/483372

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/26367

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1018905

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/usn-542-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/usn-542-2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/3774

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/3775

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/3776

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/3779

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/3786

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/38306

Source: af854a3a-2127-422b-91ae-364da2661108

https://issues.rpath.com/browse/RPL-1926

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9979

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00369.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00215.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00224.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00238.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html

Source: af854a3a-2127-422b-91ae-364da2661108

164 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

7.0%

93th percentile

Exploitation Status

Not in CISA KEV

Affected Vendors

xpdf