// For flags

CVE-2007-5392

DCTStream:: reset()

Severity Score

7.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.

Un desbordamiento de enteros en el método DCTStream::reset en el archivo xpdf/Stream.cc en Xpdf versión 3.02p11, permite a atacantes remotos ejecutar código arbitrario por medio de un archivo PDF diseñado, resultando en un desbordamiento de búfer en la región heap de la memoria.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-10-12 CVE Reserved
  • 2007-11-08 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (84)
URL Tag Source
http://secunia.com/advisories/27632 Third Party Advisory
http://secunia.com/advisories/27634 Third Party Advisory
http://secunia.com/advisories/27636 Third Party Advisory
http://secunia.com/advisories/27641 Third Party Advisory
http://secunia.com/advisories/27642 Third Party Advisory
http://secunia.com/advisories/27645 Third Party Advisory
http://secunia.com/advisories/27656 Third Party Advisory
http://secunia.com/advisories/27658 Third Party Advisory
http://secunia.com/advisories/27705 Third Party Advisory
http://secunia.com/advisories/27721 Third Party Advisory
http://secunia.com/advisories/27724 Third Party Advisory
http://secunia.com/advisories/27743 Third Party Advisory
http://secunia.com/advisories/27856 Third Party Advisory
http://secunia.com/advisories/28043 Third Party Advisory
http://secunia.com/advisories/28812 Third Party Advisory
http://secunia.com/advisories/29104 Third Party Advisory
http://secunia.com/advisories/29604 Third Party Advisory
http://secunia.com/advisories/30168 Third Party Advisory
http://support.novell.com/techcenter/psdb/1d5fd29802b2ef7e342e733731f1e933.html X_refsource_confirm
http://support.novell.com/techcenter/psdb/3867a5092daac43cd6a92e6107d9fbce.html X_refsource_confirm
http://support.novell.com/techcenter/psdb/43ad7b3569dba59e7ba07677edc01cad.html X_refsource_confirm
http://support.novell.com/techcenter/psdb/da3498f05433976cc548cc4eaf8349c8.html X_refsource_confirm
http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.html X_refsource_confirm
http://www.kde.org/info/security/advisory-20071107-1.txt X_refsource_confirm
http://www.securityfocus.com/archive/1/483372 Mailing List
http://www.securityfocus.com/bid/26367 Vdb Entry
http://www.securitytracker.com/id?1018905 Vdb Entry
http://www.vupen.com/english/advisories/2007/3774 Vdb Entry
http://www.vupen.com/english/advisories/2007/3775 Vdb Entry
http://www.vupen.com/english/advisories/2007/3776 Vdb Entry
http://www.vupen.com/english/advisories/2007/3779 Vdb Entry
http://www.vupen.com/english/advisories/2007/3786 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/38303 Vdb Entry
https://issues.rpath.com/browse/RPL-1926 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10036 Signature
URL Date SRC
URL Date SRC
http://secunia.com/advisories/27260 2017-09-29
URL Date SRC
http://secunia.com/advisories/26503 2017-09-29
http://secunia.com/advisories/27553 2017-09-29
http://secunia.com/advisories/27573 2017-09-29
http://secunia.com/advisories/27574 2017-09-29
http://secunia.com/advisories/27575 2017-09-29
http://secunia.com/advisories/27577 2017-09-29
http://secunia.com/advisories/27578 2017-09-29
http://secunia.com/advisories/27599 2017-09-29
http://secunia.com/advisories/27615 2017-09-29
http://secunia.com/advisories/27618 2017-09-29
http://secunia.com/advisories/27619 2017-09-29
http://secunia.com/advisories/27637 2017-09-29
http://secunia.com/advisories/27640 2017-09-29
http://secunia.com/secunia_research/2007-88/advisory 2017-09-29
http://security.gentoo.org/glsa/glsa-200711-22.xml 2017-09-29
http://security.gentoo.org/glsa/glsa-200711-34.xml 2017-09-29
http://security.gentoo.org/glsa/glsa-200805-13.xml 2017-09-29
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882 2017-09-29
http://www.debian.org/security/2008/dsa-1480 2017-09-29
http://www.debian.org/security/2008/dsa-1509 2017-09-29
http://www.debian.org/security/2008/dsa-1537 2017-09-29
http://www.mandriva.com/security/advisories?name=MDKSA-2007:219 2017-09-29
http://www.mandriva.com/security/advisories?name=MDKSA-2007:220 2017-09-29
http://www.mandriva.com/security/advisories?name=MDKSA-2007:221 2017-09-29
http://www.mandriva.com/security/advisories?name=MDKSA-2007:222 2017-09-29
http://www.mandriva.com/security/advisories?name=MDKSA-2007:223 2017-09-29
http://www.mandriva.com/security/advisories?name=MDKSA-2007:227 2017-09-29
http://www.mandriva.com/security/advisories?name=MDKSA-2007:228 2017-09-29
http://www.mandriva.com/security/advisories?name=MDKSA-2007:230 2017-09-29
http://www.novell.com/linux/security/advisories/2007_60_pdf.html 2017-09-29
http://www.redhat.com/support/errata/RHSA-2007-1021.html 2017-09-29
http://www.redhat.com/support/errata/RHSA-2007-1022.html 2017-09-29
http://www.redhat.com/support/errata/RHSA-2007-1024.html 2017-09-29
http://www.redhat.com/support/errata/RHSA-2007-1025.html 2017-09-29
http://www.redhat.com/support/errata/RHSA-2007-1026.html 2017-09-29
http://www.redhat.com/support/errata/RHSA-2007-1027.html 2017-09-29
http://www.redhat.com/support/errata/RHSA-2007-1029.html 2017-09-29
http://www.redhat.com/support/errata/RHSA-2007-1030.html 2017-09-29
http://www.ubuntu.com/usn/usn-542-1 2017-09-29
http://www.ubuntu.com/usn/usn-542-2 2017-09-29
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00369.html 2017-09-29
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00215.html 2017-09-29
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00224.html 2017-09-29
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00238.html 2017-09-29
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html 2017-09-29
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html 2017-09-29
https://access.redhat.com/security/cve/CVE-2007-5392 2007-11-07
https://bugzilla.redhat.com/show_bug.cgi?id=345111 2007-11-07
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Xpdf
Search vendor "Xpdf"
 Xpdf
Search vendor "Xpdf" for product "Xpdf"
 3.0.1_pl1
Search vendor "Xpdf" for product "Xpdf" and version "3.0.1_pl1"
-
Affected