CVE-2007-5393
kdegraphics - buffer overflow with arbitrary code execution
EPSS 14.1%
Description
Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.
How to fix CVE-2007-5393
To remediate CVE-2007-5393, upgrade each affected package to the corresponding fixed version listed below.
- Debian/cups—upgrade to 1.1.22-7 or later
- Debian/kdegraphics—upgrade to 4:3.5.5-3etch2 or later
- Debian/libextractor—upgrade to 0.5.12-1 or later
- —upgrade to 0.6.2-1 or later
- —upgrade to 3.02-1.3 or later
Is CVE-2007-5393 being exploited?
Moderate — EPSS is 14.1%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (5)
- from 0, < 1.1.22-7
- from 0, < 4:3.5.5-3etch2
- from 0, < 0.5.12-1
- from 0, < 0.6.2-1
- from 0, < 3.02-1.3