Debian Security Advisory DSA 1354-1 (gpdf) Network Vulnerability

Summary

The remote host is missing an update to gpdf announced via advisory DSA 1354-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201354-1

Insight

It was discovered that an integer overflow in xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. gpdf includes a copy of the xpdf code and requires an update as well. For the oldstable distribution (sarge) this problem has been fixed in version 2.8.2-1.2sarge6. The stable distribution (etch) no longer contains gpdf. The unstable distribution (sid) no longer contains gpdf. We recommend that you upgrade your gpdf packages.

Severity

Classification

CVE CVE-2007-3387

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1147-1 (drupal)
Debian Security Advisory DSA 1107-1 (gnupg)
Debian Security Advisory DSA 025-1 (openssh)
Debian Security Advisory DSA 086-1 (ssh-nonfree, ssh-socks)
Debian Security Advisory DSA 1098-1 (horde3)

Take action and discover your vulnerabilities