CERTA-2007-AVI-484

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités dans Xpdf permettent à un individu malveillant l'exécution de code arbitraire en local.

Ces vulnérabilités affectent les produits utilisant la même souche logicielle.

Description

De multiples vulnérabilités dans le script Stream.cc de Xpdf permettent à un individu malveillant l'exécution de code arbitraire en local via un fichier pdf spécialement conçu.

Ces vulnérabilités affectent les produits utilisant la même souche logicielle.

Solution

Se référer aux sites des éditeurs pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
N/A N/A Gnome gpdf ;
N/A N/A KDE, au moins les versions 3.2.0 à 3.5.8;
N/A N/A Xpdf version 3.02.
N/A N/A CUPS ;
N/A N/A Poppler ;
N/A N/A KOffice 1.x ;
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Gnome gpdf ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "KDE, au moins les versions 3.2.0 \u00e0 3.5.8;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Xpdf version 3.02.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CUPS ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Poppler ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "KOffice 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s dans le script Stream.cc de Xpdf permettent\n\u00e0 un individu malveillant l\u0027ex\u00e9cution de code arbitraire en local via un\nfichier pdf sp\u00e9cialement con\u00e7u.\n\nCes vuln\u00e9rabilit\u00e9s affectent les produits utilisant la m\u00eame souche\nlogicielle.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux sites des \u00e9diteurs pour l\u0027obtention des correctifs (cf.\nsection Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5392"
    },
    {
      "name": "CVE-2007-4352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4352"
    },
    {
      "name": "CVE-2007-5393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5393"
    }
  ],
  "links": [
    {
      "title": "Bulletin KDE du 07 novembre 2007 :",
      "url": "http://www.kde.org/info/security/advisory-20071107-1.txt"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Redhat 1021-3 du 07 novembre 2007 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-1021.html"
    },
    {
      "title": "Rustine Xpdf :",
      "url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl2.patch"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Redhat 1026-3 du 07 novembre 2007 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-1026.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Redhat 1022-2 du 07 novembre 2007 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-1022.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Secunia num\u00e9ro 27260 du 07 novembre    2007 :",
      "url": "http://secunia.com/advisories/27260/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Redhat 1025-5 du 07 novembre 2007 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-1025.html"
    }
  ],
  "reference": "CERTA-2007-AVI-484",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-11-08T00:00:00.000000"
    },
    {
      "description": "ajouts des produits associ\u00e9s.",
      "revision_date": "2007-11-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans Xpdf permettent \u00e0 un individu\nmalveillant l\u0027ex\u00e9cution de code arbitraire en local.\n\nCes vuln\u00e9rabilit\u00e9s affectent les produits utilisant la m\u00eame souche\nlogicielle.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans gpdf et produits deriv\u00e9s",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Secunia 27260 du 07 novembre 2007",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.