PT-2007-7530 · Gnu+6 · Libextractor+14

Published: 1970-01-01 · Updated: 2024-06-15 · CVE-2007-4352

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

kdegraphics3-pdf versions (affected versions not specified)
tetex-latex-3.0 version (affected versions not specified)
tetex-xdvi-3.0 version (affected versions not specified)
tetex-dvips-3.0 version (affected versions not specified)
tetex-doc-3.0 version (affected versions not specified)
tetex-3.0 version (affected versions not specified)
libextractor versions (affected versions not specified)
libextractor-devel versions (affected versions not specified)
Xpdf version 3.02pl1
tetex-fonts-3.0 version (affected versions not specified)
tetex-afm-3.0 version (affected versions not specified)

Description

The issue involves multiple vulnerabilities in various packages of SUSE Linux Enterprise and Red Hat Enterprise Linux operating systems, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, an array index error in the DCTStream::readProgressiveDataUnit method in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.

Recommendations

As a temporary workaround, consider disabling the DCTStream::readProgressiveDataUnit method in Xpdf until a patch is available. Restrict access to the vulnerable packages to minimize the risk of exploitation. Avoid using the affected packages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2015-04628
BDU:2015-04629
BDU:2015-04630
BDU:2015-06556
BDU:2015-06557
BDU:2015-06558
BDU:2015-06559
BDU:2015-06560
BDU:2015-06561
BDU:2015-06562
CVE-2007-4352
DSA-1480-1
DSA-1509-1
DSA-1537-1
DTSA-85-1
DTSA-86-1
OPENSUSE-SU-2024:10707-1
OPENSUSE-SU-2024:11181-1
RHSA-2007:1021
RHSA-2007:1022
RHSA-2007:1024
RHSA-2007:1025
RHSA-2007:1026
RHSA-2007:1027
RHSA-2007:1029
RHSA-2007:1030
RHSA-2007_1021
RHSA-2007_1022
RHSA-2007_1024
RHSA-2007_1025
RHSA-2007_1026
RHSA-2007_1027
RHSA-2007_1029

Affected Products

Cups
Office
Red Hat
Xpdf
Kdegraphics3-Pdf
Libextractor
Libextractor-Devel
Poppler
Tetex-3.0
Tetex-Afm-3.0
Tetex-Doc-3.0
Tetex-Dvips-3.0
Tetex-Fonts-3.0
Tetex-Latex-3.0
Tetex-Xdvi-3.0