Vulnerability Details : CVE-2007-0104
The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
Vulnerability category: Memory CorruptionInput validationDenial of service
Products affected by CVE-2007-0104
- cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.4:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.4.3:*:*:*:*:*:*:*
- cpe:2.3:o:kde:kde:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:3.0_pl2:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:3.0.1_pl1:*:*:*:*:*:*:*
- cpe:2.3:a:xpdf:xpdf:3.0.1_pl2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-0104
19.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-0104
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2007-0104
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2007-0104
-
Red Hat 2007-01-15Not Vulnerable. This flaw is the result of an infinite recursion flaw in xpdf, which cannot result in arbitrary code execution.
References for CVE-2007-0104
-
http://support.novell.com/techcenter/psdb/44d7cb9b669d58e0ce5aa5d7ab2c7c53.html
Security update for poppler
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:022
Mandriva
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:020
Mandriva
-
http://www.securityfocus.com/bid/21910
Exploit
-
http://www.securitytracker.com/id?1017749
Access Denied
-
http://docs.info.apple.com/article.html?artnum=305214
-
http://www.novell.com/linux/security/advisories/2007_3_sr.html
404 Page Not Found | SUSE
-
https://issues.rpath.com/browse/RPL-964
-
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
Page Not Found | CISAUS Government Resource
-
http://www.securityfocus.com/archive/1/457055/100/0/threaded
-
http://www.ubuntu.com/usn/usn-410-2
USN-410-2: teTeX vulnerability | Ubuntu security notices | Ubuntu
-
http://securitytracker.com/id?1017514
GoDaddy Domain Name Search
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:021
Mandriva
-
http://www.vupen.com/english/advisories/2007/0244
Site en constructionVendor Advisory
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:018
Mandriva
-
http://www.vupen.com/english/advisories/2007/0203
Site en constructionVendor Advisory
-
http://www.ubuntu.com/usn/usn-410-1
USN-410-1: poppler vulnerability | Ubuntu security notices | Ubuntu
-
http://www.vupen.com/english/advisories/2007/0930
Webmail: access your OVH emails on ovhcloud.com | OVHcloudVendor Advisory
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:019
Mandriva
-
http://www.vupen.com/english/advisories/2007/0212
Site en constructionVendor Advisory
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:024
Mandriva
-
http://www.kde.org/info/security/advisory-20070115-1.txt
-
http://projects.info-pull.com/moab/MOAB-06-01-2007.html
projects.info-pull.com | 523: Origin is unreachable
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/31364
Multiple Vendor PDF catalog dictionary and Pages attribute code execution CVE-2007-0104 Vulnerability Report
Jump to