Fluid Attacks Database

Description

Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	xpdf	>=0 <3.02-1.3	3.02-1.3
debian 11	poppler	>=0 <0.6.2-1	0.6.2-1
debian 11	cups	>=0 <1.1.22-7	1.1.22-7
debian 11	libextractor	>=0 <0.5.12-1	0.5.12-1
debian 11	xpdf	>=0 <3.02-1.3	3.02-1.3
debian 12	poppler	>=0 <0.6.2-1	0.6.2-1
debian 13	xpdf	>=0 <3.02-1.3	3.02-1.3
debian 13	poppler	>=0 <0.6.2-1	0.6.2-1
debian 14	libextractor	>=0 <0.5.12-1	0.5.12-1
debian 12	cups	>=0 <1.1.22-7	1.1.22-7

1-10 of 19

Aliases

1. CVE-2007-53922. NVD-2007-53923. OSV-DEBIAN-2007-53924. OSV-2007-53925. SECURITY-TRACKER-CVE-2007-5392

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.