Vulnerability in xpdf, kpdf, poppler, and other products in KDE (CVE-2007-0104)
CVSS v2.0 severity:
MEDIUM
Type:
CWE-20
Improper Input Validation
Publication date:
09/01/2007
Last modified:
09/04/2025
Description
The Adobe PDF specification version 1.3, as implemented by (a) xpdf version 3.0.1 patch 2, (b) kpdf in KDE before version 3.5.5, (c) poppler before version 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with (1) a crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
Impact
Base score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:* | | |
| cpe:2.3:a:xpdf:xpdf:3.0.1:*:*:*:*:*:*:* | | |
| cpe:2.3:a:xpdf:xpdf:3.0.1_pl1:*:*:*:*:*:*:* | | |
| cpe:2.3:a:xpdf:xpdf:3.0.1_pl2:*:*:*:*:*:*:* | | |
| cpe:2.3:a:xpdf:xpdf:3.0_pl2:*:*:*:*:*:*:* | | |
| cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:* | | |
| cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:* | | |
| cpe:2.3:o:kde:kde:3.2.2:*:*:*:*:*:*:* | | |
| cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:* | | |
| cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:* | | |
| cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:* | | |
| cpe:2.3:o:kde:kde:3.3.2:*:*:*:*:*:*:* | | |
| cpe:2.3:o:kde:kde:3.4:*:*:*:*:*:*:* | | |
| cpe:2.3:o:kde:kde:3.4.1:*:*:*:*:*:*:* | | |
| cpe:2.3:o:kde:kde:3.4.2:*:*:*:*:*:*:* | | |
For the complete list of CPE names with products and versions, see this page
References to solutions, tools and information
- http://docs.info.apple.com/article.html?artnum=305214
- http://projects.info-pull.com/moab/MOAB-06-01-2007.html
- http://secunia.com/advisories/23791
- http://secunia.com/advisories/23799
- http://secunia.com/advisories/23808
- http://secunia.com/advisories/23813
- http://secunia.com/advisories/23815
- http://secunia.com/advisories/23839
- http://secunia.com/advisories/23844
- http://secunia.com/advisories/23876
- http://secunia.com/advisories/24204
- http://secunia.com/advisories/24479
- http://securitytracker.com/id?1017514=
- http://support.novell.com/techcenter/psdb/44d7cb9b669d58e0ce5aa5d7ab2c7c53.html
- http://www.kde.org/info/security/advisory-20070115-1.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2007%3A018
- http://www.mandriva.com/security/advisories?name=MDKSA-2007%3A019
- http://www.mandriva.com/security/advisories?name=MDKSA-2007%3A020
- http://www.mandriva.com/security/advisories?name=MDKSA-2007%3A021
- http://www.mandriva.com/security/advisories?name=MDKSA-2007%3A022
- http://www.mandriva.com/security/advisories?name=MDKSA-2007%3A024
- http://www.novell.com/linux/security/advisories/2007_3_sr.html
- http://www.securityfocus.com/archive/1/457055/100/0/threaded
- http://www.securityfocus.com/bid/21910
- http://www.securitytracker.com/id?1017749=
- http://www.ubuntu.com/usn/usn-410-1
- http://www.ubuntu.com/usn/usn-410-2
- http://www.us-cert.gov/cas/techalerts/TA07-072A.html
- http://www.vupen.com/english/advisories/2007/0203
- http://www.vupen.com/english/advisories/2007/0212
- http://www.vupen.com/english/advisories/2007/0244
- http://www.vupen.com/english/advisories/2007/0930
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31364
- https://issues.rpath.com/browse/RPL-964



