Summary
The remote host is missing an update to pdfkit.framework announced via advisory DSA 1352-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201352-1
Insight
It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.
pdfkit.framework includes a copy of the xpdf code and required an update as well.
For the oldstable distribution (sarge) this problem has been fixed in version 0.8-2sarge4.
The package from the stable distribution (etch) links dynamically against libpoppler and doesn't require a separate update.
The package from the unstable distribution (sid) links dynamically against libpoppler and doesn't require a separate update.
We recommend that you upgrade your pdfkit.framework packages.
Severity
Classification
-
CVE CVE-2007-3387 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities