CVE-2007-4352
koffice - several vulnerabilities
EPSS 25.2%
Description
Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.
How to fix CVE-2007-4352
To remediate CVE-2007-4352, upgrade each affected package to the fixed version listed below, or to a later one.
- Debian/cups—upgrade to 1.1.22-7 or later
- Debian/kdegraphics—upgrade to 4:3.5.7-4+lenny1 or later
- Debian/koffice—upgrade to 1:1.6.3-3+lenny1 or later
- —upgrade to 1:1.6.1-2etch2 or later
- —upgrade to 0.5.12-1 or later
- —upgrade to 0.6.2-1 or later
- —upgrade to 0.4.5-5.1etch2 or later
- —upgrade to 3.01-9.1+etch2 or later
- —upgrade to 3.02-1.3 or later
Is CVE-2007-4352 being exploited?
Moderate: the EPSS score is 25.2%. EPSS is an estimated probability of exploitation, not a confirmed report of it. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (9)
- from 0, < 1.1.22-7
- from 0, < 4:3.5.7-4+lenny1
- from 0, < 1:1.6.3-3+lenny1
- from 0, < 1:1.6.1-2etch2
- from 0, < 0.5.12-1
- from 0, < 0.6.2-1
- from 0, < 0.4.5-5.1etch2
- from 0, < 3.01-9.1+etch2
- from 0, < 3.02-1.3