|Category:||Mandrake Local Security Checks|
|Title:||Mandrake Security Advisory MDKSA-2007:021 (xpdf)|
|Summary:||Mandrake Security Advisory MDKSA-2007:021 (xpdf)|
The remote host is missing an update to xpdf
announced via advisory MDKSA-2007:021.
The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2,
kpdf in KDE before 3.5.5, and other products, allows remote attackers
to have an unknown impact, possibly including denial of service
(infinite loop), arbitrary code execution, or memory corruption, via a
PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages
attribute that references an invalid page tree node.
The updated packages have been patched to correct this problem.
Affected: 2007.0, Corporate 3.0, Corporate 4.0
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
Risk factor : High
Common Vulnerability Exposure (CVE) ID: CVE-2007-0104|
Bugtraq: 20070116 [KDE Security Advisory] kpdf/kword/xpdf denial of service vulnerability (Google Search)
SuSE Security Announcement: SUSE-SR:2007:003 (Google Search)
Cert/CC Advisory: TA07-072A
BugTraq ID: 21910
XForce ISS Database: multiple-vendor-pdf-code-execution(31364)
|Copyright||Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com|
|This is only one of 40605 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.