PT-2007-7532 · Gnu+4 · Libextractor+11
Published
1970-01-01
·
Updated
2024-06-15
·
CVE-2007-5393
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
kdegraphics3-pdf versions (affected versions not specified)
tetex-latex-3.0 version 3.0
tetex-xdvi-3.0 version 3.0
tetex-dvips-3.0 version 3.0
tetex-doc-3.0 version 3.0
tetex-3.0 version 3.0
libextractor versions (affected versions not specified)
libextractor-devel versions (affected versions not specified)
tetex-fonts-3.0 version 3.0
tetex-afm-3.0 version 3.0
Xpdf version 3.02p11
Description
CVE-2007-5393 is a heap-based buffer overflow in the CCITTFaxStream::lookChar method in Stream.cc of Xpdf. A PDF file containing a crafted CCITTFaxDecode filter makes the decoder write past the end of a heap-allocated buffer while it decodes the stream, which lets a remote attacker execute arbitrary code with the privileges of the user or service that processes the file. No authentication is required; the attacker only has to get the crafted PDF opened, rendered, thumbnailed or indexed (hence AC:M in the vector). Because the same Xpdf stream-decoding code is embedded in other packages (kpdf in kdegraphics, pdftex in tetex, the PDF plugin of libextractor), a single bug affects several packages of SUSE Linux Enterprise and Red Hat Enterprise Linux, with full impact on confidentiality, integrity and availability of the affected system.
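The C program below is an added illustration of the bug class the description refers to; it is not code from Xpdf or from this advisory. A CCITT G3/G4 row decoder records "changing elements" (pixel positions where the colour flips) in an array of columns + 1 integers, and every run length comes straight from the attacker-supplied stream. The function names, the flat run-length input (the real decoder reads Huffman-coded runs and 2D modes from a bit stream) and the heap layout are assumptions made for the example. The vulnerable form trusts the run lengths; the hardened form validates each decoded position against the row geometry before using it as an index, which is the shape of the upstream fix.

```c
/* Added illustration of the bug class behind CVE-2007-5393; NOT Xpdf's
 * Stream.cc. A CCITT row decoder stores changing elements in an array of
 * columns + 1 ints. Each run length is decoded from the attacker-controlled
 * CCITTFaxDecode stream. Names and input format are assumptions. */
#include <stdio.h>
#include <stdlib.h>

/* Vulnerable pattern: run lengths are trusted. A run that extends past the
 * row, or more runs than the row has columns, writes past coding_line. */
int decode_row_unchecked(const int *runs, int nruns, int columns, int *coding_line)
{
    int a0 = 0;   /* current pixel position on the row */
    int a0i = 0;  /* next free slot in coding_line */

    for (int i = 0; i < nruns; i++) {
        a0 += runs[i];             /* may exceed columns */
        coding_line[a0i++] = a0;   /* may index past columns: heap overflow */
    }
    coding_line[a0i] = columns;    /* end-of-row marker */
    return a0i;
}

/* Hardened form: every decoded run is validated against the row geometry
 * before it becomes a position or an index. Returns the number of changing
 * elements written, or -1 if the stream is malformed. */
int decode_row_checked(const int *runs, int nruns, int columns, int *coding_line)
{
    int a0 = 0;
    int a0i = 0;

    if (columns <= 0 || nruns < 0)
        return -1;

    for (int i = 0; i < nruns; i++) {
        if (runs[i] < 0 || runs[i] > columns - a0)  /* run would pass the row end */
            return -1;
        if (a0i >= columns)                         /* slot 'columns' is reserved for the marker */
            return -1;
        a0 += runs[i];
        coding_line[a0i++] = a0;
    }
    coding_line[a0i] = columns;
    return a0i;
}

/* Decode one row into a heap buffer sized the way a decoder would size it
 * (columns + 1 ints) and report whether the row was accepted. */
int decode_row_on_heap(const int *runs, int nruns, int columns)
{
    if (columns <= 0)
        return -1;
    int *coding_line = malloc((size_t)columns * sizeof *coding_line + sizeof *coding_line);
    if (!coding_line)
        return -1;
    int n = decode_row_checked(runs, nruns, columns, coding_line);
    free(coding_line);
    return n;
}

int main(void)
{
    /* Constructed sample rows: one well-formed 8-pixel row and two crafted ones. */
    const int good[]     = {3, 2, 3};          /* 3 white, 2 black, 3 white */
    const int too_long[] = {3, 2, 3, 100};     /* run extends past the row end */
    const int too_many[] = {0, 0, 0, 0, 0, 0}; /* more transitions than a 4-pixel row holds */

    printf("well-formed row: %d\n", decode_row_on_heap(good, 3, 8));          /* 3 */
    printf("run past row end: %d\n", decode_row_on_heap(too_long, 4, 8));     /* -1 */
    printf("too many transitions: %d\n", decode_row_on_heap(too_many, 6, 4)); /* -1 */
    return 0;
}
```

The two crafted rows are the inputs that would make the unchecked decoder write beyond the end of the heap block; the checked decoder rejects both without touching memory past the buffer. Fuzzing a decoder of this kind with an ASan build is the quickest way to find the remaining unchecked paths.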
Recommendations
For kdegraphics3-pdf, update to a package that contains the fix for CVE-2007-5393.
For tetex-latex-3.0, tetex-xdvi-3.0, tetex-dvips-3.0, tetex-doc-3.0, tetex-3.0, tetex-fonts-3.0 and tetex-afm-3.0, update to packages that contain the fix for CVE-2007-5393.
For libextractor and libextractor-devel, update to packages that contain the fix for CVE-2007-5393.
For Xpdf version 3.02p11, update to the upstream patch-level release that fixes this issue. The vulnerable code is the CCITTFaxDecode stream decoder itself and cannot be disabled by configuration; until the update is applied, do not open PDF files from untrusted sources with Xpdf.
As a temporary workaround, restrict the processing of untrusted PDF files by the affected packages, including automated processing such as thumbnailing and metadata indexing, since the overflow is triggered when the CCITTFax stream is decoded rather than only when a page is displayed interactively.
Fix
RCE
Buffer Overflow
Affected Products
Red Hat
Xpdf
Kdegraphics3-Pdf
Libextractor
Libextractor-Devel
Tetex-3.0
Tetex-Afm-3.0
Tetex-Doc-3.0
Tetex-Dvips-3.0
Tetex-Fonts-3.0
Tetex-Latex-3.0
Tetex-Xdvi-3.0