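Vulnerability Details
Xpdf Stream.cc Array Index Error Vulnerability
- CNNVD ID: CNNVD-200711-090
- Severity: Medium
- CVE ID: CVE-2007-4352
- Vulnerability type: Insufficient information
- Published: 2007-11-07
- Threat type: Remote
- Updated: 2007-11-08
- Vendor: xpdf
- Vulnerability source: Alin Rad Pop
Vulnerability Summary
Xpdf is an open-source viewer for Portable Document Format (PDF) files.
An array index error exists in the DCTStream::readProgressiveDataUnit() method in xpdf/Stream.cc. A remote attacker can use a crafted malicious PDF file to trigger memory corruption and thereby execute arbitrary code.
Vulnerability Advisory
The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's site: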
ftp://ftp.kde.org/pub/kde/security_patches
https://www.redhat.com/support/errata/RHSA-2007-1021.HTML
References
Source: SECUNIA
Name: 27260
Link: http://secunia.com/advisories/27260
Source: FEDORA
Name: FEDORA-2007-3100
Link: https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00238.HTML
Source: FEDORA
Name: FEDORA-2007-3059
Link: https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00224.HTML
Source: FEDORA
Name: FEDORA-2007-3031
Link: https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00215.HTML
Source: issues.rpath.com
Link: https://issues.rpath.com/browse/RPL-1926
Source: UBUNTU
Name: USN-542-2
Link: http://www.ubuntu.com/usn/usn-542-2
Source: UBUNTU
Name: USN-542-1
Link: http://www.ubuntu.com/usn/usn-542-1
Source: SECTRACK
Name: 1018905
Link: http://www.securitytracker.com/id?1018905
Source: BID
Name: 26367
Link: http://www.securityfocus.com/bid/26367
Source: BUGTRAQ
Name: 20071107 Secunia Research: Xpdf "Stream.cc" Multiple Vulnerabilities
Link: http://www.securityfocus.com/archive/1/483372
Source: REDHAT
Name: RHSA-2007:1030
Link: http://www.redhat.com/support/errata/RHSA-2007-1030.HTML
Source: REDHAT
Name: RHSA-2007:1029
Link: http://www.redhat.com/support/errata/RHSA-2007-1029.HTML
Source: REDHAT
Name: RHSA-2007:1027
Link: http://www.redhat.com/support/errata/RHSA-2007-1027.HTML
Source: REDHAT
Name: RHSA-2007:1026
Link: http://www.redhat.com/support/errata/RHSA-2007-1026.HTML
Source: REDHAT
Name: RHSA-2007:1025
Link: http://www.redhat.com/support/errata/RHSA-2007-1025.HTML
Source: REDHAT
Name: RHSA-2007:1024
Link: http://www.redhat.com/support/errata/RHSA-2007-1024.HTML
Source: REDHAT
Name: RHSA-2007:1022
Link: http://www.redhat.com/support/errata/RHSA-2007-1022.HTML
Source: REDHAT
Name: RHSA-2007:1021
Link: http://www.redhat.com/support/errata/RHSA-2007-1021.HTML
Source: SUSE
Name: SUSE-SA:2007:060
Link: http://www.novell.com/linux/security/advisories/2007_60_pdf.HTML
Source: MANDRIVA
Name: MDKSA-2007:230
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2007:230
Source: MANDRIVA
Name: MDKSA-2007:228
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2007:228
Source: MANDRIVA
Name: MDKSA-2007:227
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2007:227
Source: MANDRIVA
Name: MDKSA-2007:223
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2007:223
Source: MANDRIVA
Name: MDKSA-2007:222
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2007:222
Source: MANDRIVA
Name: MDKSA-2007:221
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2007:221
Source: MANDRIVA
Name: MDKSA-2007:220
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2007:220
Source: MANDRIVA
Name: MDKSA-2007:219
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2007:219
Source: CONFIRM
Name: http://www.kde.org/info/security/advisory-20071107-1.txt
Link: http://www.kde.org/info/security/advisory-20071107-1.txt
Source: VUPEN
Name: ADV-2007-3786
Link: http://www.frsirt.com/english/advisories/2007/3786
Source: VUPEN
Name: ADV-2007-3779
Link: http://www.frsirt.com/english/advisories/2007/3779
Source: VUPEN
Name: ADV-2007-3776
Link: http://www.frsirt.com/english/advisories/2007/3776
Source: VUPEN
Name: ADV-2007-3775
Link: http://www.frsirt.com/english/advisories/2007/3775
Source: VUPEN
Name: ADV-2007-3774
Link: http://www.frsirt.com/english/advisories/2007/3774
Source: support.novell.com
Link: http://support.novell.com/techcenter/PSDb/f83e024a65d69ebc810d2117815b940d.HTML
Source: CONFIRM
Name: http://support.novell.com/techcenter/PSDb/da3498f05433976cc548cc4eaf8349c8.HTML
Link: http://support.novell.com/techcenter/PSDb/da3498f05433976cc548cc4eaf8349c8.HTML
Source: support.novell.com
Link: http://support.novell.com/techcenter/PSDb/43ad7b3569dba59e7ba07677edc01cad.HTML
Source: CONFIRM
Name: http://support.novell.com/techcenter/PSDb/3867a5092daac43cd6a92e6107d9fbce.HTML
Link: http://support.novell.com/techcenter/PSDb/3867a5092daac43cd6a92e6107d9fbce.HTML
Source: support.novell.com
Link: http://support.novell.com/techcenter/PSDb/1d5fd29802b2ef7e342e733731f1e933.HTML
Source: SLACKWARE
Name: SSA:2007-316-01
Link: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.7618
Affected Entities
- Xpdf Xpdf:3.0.1_pl1
Patches
None available