CVE-2007-0104

xpdf 3.0.1 patch 2 - Denial of Service via Crafted Catalog Dictionary

Title source: llm
STIX 2.1

Description

The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.

References (34)

Core 34
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/31364
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0244
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23815
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:022
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:020
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:021
Various Sources x_refsource_confirm
http://www.kde.org/info/security/advisory-20070115-1.txt
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:019
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23799
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23839
Vendor Advisory x_refsource_confirm
http://docs.info.apple.com/article.html?artnum=305214
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-410-2
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:018
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017514
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23791
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_3_sr.html
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21910
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:024
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1017749
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23844
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-410-1
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0203
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23876
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/457055/100/0/threaded
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0212
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0930
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-964
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23813
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24204
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23808
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24479

Scores

EPSS 0.1901
EPSS Percentile 95.4%

Details

CWE
CWE-20
Status published
Products (17)
kde/kde 3.2
kde/kde 3.2.1
kde/kde 3.2.2
kde/kde 3.2.3
kde/kde 3.3
kde/kde 3.3.1
kde/kde 3.3.2
kde/kde 3.4
kde/kde 3.4.1
kde/kde 3.4.2
... and 7 more
Published Jan 09, 2007
Tracked Since Feb 18, 2026