Vulnerability details: VCID-8b4j-h25y-aaam
Vulnerability ID VCID-8b4j-h25y-aaam
Aliases CVE-2007-5393
Summary Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.
Status Published
Exploitability 0.5
Weighted Severity 8.4
Risk 4.2
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2007:1021
rhas Important https://access.redhat.com/errata/RHSA-2007:1022
rhas Important https://access.redhat.com/errata/RHSA-2007:1023
rhas Important https://access.redhat.com/errata/RHSA-2007:1024
rhas Important https://access.redhat.com/errata/RHSA-2007:1025
rhas Important https://access.redhat.com/errata/RHSA-2007:1026
rhas Important https://access.redhat.com/errata/RHSA-2007:1027
rhas Important https://access.redhat.com/errata/RHSA-2007:1028
rhas Important https://access.redhat.com/errata/RHSA-2007:1029
rhas Important https://access.redhat.com/errata/RHSA-2007:1030
rhas Important https://access.redhat.com/errata/RHSA-2007:1031
rhas Important https://access.redhat.com/errata/RHSA-2007:1051
epss 0.0789 https://api.first.org/data/v1/epss?cve=CVE-2007-5393
epss 0.09518 https://api.first.org/data/v1/epss?cve=CVE-2007-5393
epss 0.26776 https://api.first.org/data/v1/epss?cve=CVE-2007-5393
epss 0.35621 https://api.first.org/data/v1/epss?cve=CVE-2007-5393
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=345121
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2007-5393
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5393.json
https://api.first.org/data/v1/epss?cve=CVE-2007-5393
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
http://secunia.com/advisories/26503
http://secunia.com/advisories/27260
http://secunia.com/advisories/27553
http://secunia.com/advisories/27573
http://secunia.com/advisories/27574
http://secunia.com/advisories/27575
http://secunia.com/advisories/27577
http://secunia.com/advisories/27578
http://secunia.com/advisories/27579
http://secunia.com/advisories/27599
http://secunia.com/advisories/27615
http://secunia.com/advisories/27618
http://secunia.com/advisories/27619
http://secunia.com/advisories/27632
http://secunia.com/advisories/27634
http://secunia.com/advisories/27636
http://secunia.com/advisories/27637
http://secunia.com/advisories/27640
http://secunia.com/advisories/27641
http://secunia.com/advisories/27642
http://secunia.com/advisories/27645
http://secunia.com/advisories/27656
http://secunia.com/advisories/27658
http://secunia.com/advisories/27705
http://secunia.com/advisories/27718
http://secunia.com/advisories/27721
http://secunia.com/advisories/27724
http://secunia.com/advisories/27743
http://secunia.com/advisories/27772
http://secunia.com/advisories/27856
http://secunia.com/advisories/28043
http://secunia.com/advisories/28812
http://secunia.com/advisories/29104
http://secunia.com/advisories/29604
http://secunia.com/advisories/30168
http://secunia.com/secunia_research/2007-88/advisory/
http://security.gentoo.org/glsa/glsa-200711-22.xml
http://security.gentoo.org/glsa/glsa-200711-34.xml
http://security.gentoo.org/glsa/glsa-200805-13.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/38304
https://issues.rpath.com/browse/RPL-1926
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9839
http://support.avaya.com/elmodocs2/security/ASA-2007-476.htm
http://support.novell.com/techcenter/psdb/1d5fd29802b2ef7e342e733731f1e933.html
http://support.novell.com/techcenter/psdb/3867a5092daac43cd6a92e6107d9fbce.html
http://support.novell.com/techcenter/psdb/43ad7b3569dba59e7ba07677edc01cad.html
http://support.novell.com/techcenter/psdb/da3498f05433976cc548cc4eaf8349c8.html
http://support.novell.com/techcenter/psdb/f83e024a65d69ebc810d2117815b940d.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00369.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00215.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00224.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00238.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00724.html
http://www.debian.org/security/2007/dsa-1408
http://www.debian.org/security/2008/dsa-1480
http://www.debian.org/security/2008/dsa-1509
http://www.debian.org/security/2008/dsa-1537
http://www.kde.org/info/security/advisory-20071107-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:219
http://www.mandriva.com/security/advisories?name=MDKSA-2007:220
http://www.mandriva.com/security/advisories?name=MDKSA-2007:221
http://www.mandriva.com/security/advisories?name=MDKSA-2007:222
http://www.mandriva.com/security/advisories?name=MDKSA-2007:223
http://www.mandriva.com/security/advisories?name=MDKSA-2007:227
http://www.mandriva.com/security/advisories?name=MDKSA-2007:228
http://www.mandriva.com/security/advisories?name=MDKSA-2007:230
http://www.novell.com/linux/security/advisories/2007_60_pdf.html
http://www.redhat.com/support/errata/RHSA-2007-1021.html
http://www.redhat.com/support/errata/RHSA-2007-1022.html
http://www.redhat.com/support/errata/RHSA-2007-1023.html
http://www.redhat.com/support/errata/RHSA-2007-1024.html
http://www.redhat.com/support/errata/RHSA-2007-1025.html
http://www.redhat.com/support/errata/RHSA-2007-1026.html
http://www.redhat.com/support/errata/RHSA-2007-1027.html
http://www.redhat.com/support/errata/RHSA-2007-1028.html
http://www.redhat.com/support/errata/RHSA-2007-1029.html
http://www.redhat.com/support/errata/RHSA-2007-1030.html
http://www.redhat.com/support/errata/RHSA-2007-1031.html
http://www.redhat.com/support/errata/RHSA-2007-1051.html
http://www.securityfocus.com/archive/1/483372
http://www.securityfocus.com/bid/26367
http://www.securitytracker.com/id?1018905
http://www.ubuntu.com/usn/usn-542-1
http://www.ubuntu.com/usn/usn-542-2
http://www.vupen.com/english/advisories/2007/3774
http://www.vupen.com/english/advisories/2007/3775
http://www.vupen.com/english/advisories/2007/3776
http://www.vupen.com/english/advisories/2007/3779
http://www.vupen.com/english/advisories/2007/3786
345121 https://bugzilla.redhat.com/show_bug.cgi?id=345121
450628 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=450628
cpe:2.3:a:xpdf:xpdf:3.02p11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xpdf:xpdf:3.02p11:*:*:*:*:*:*:*
CVE-2007-5393 https://nvd.nist.gov/vuln/detail/CVE-2007-5393
GLSA-200711-22 https://security.gentoo.org/glsa/200711-22
RHSA-2007:1021 https://access.redhat.com/errata/RHSA-2007:1021
RHSA-2007:1022 https://access.redhat.com/errata/RHSA-2007:1022
RHSA-2007:1023 https://access.redhat.com/errata/RHSA-2007:1023
RHSA-2007:1024 https://access.redhat.com/errata/RHSA-2007:1024
RHSA-2007:1025 https://access.redhat.com/errata/RHSA-2007:1025
RHSA-2007:1026 https://access.redhat.com/errata/RHSA-2007:1026
RHSA-2007:1027 https://access.redhat.com/errata/RHSA-2007:1027
RHSA-2007:1028 https://access.redhat.com/errata/RHSA-2007:1028
RHSA-2007:1029 https://access.redhat.com/errata/RHSA-2007:1029
RHSA-2007:1030 https://access.redhat.com/errata/RHSA-2007:1030
RHSA-2007:1031 https://access.redhat.com/errata/RHSA-2007:1031
RHSA-2007:1051 https://access.redhat.com/errata/RHSA-2007:1051
USN-542-1 https://usn.ubuntu.com/542-1/
USN-542-2 https://usn.ubuntu.com/542-2/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2007-5393
Metric Value
Access Vector (AV) network
Access Complexity (AC) medium
Authentication (Au) none
Confidentiality Impact (C) complete
Integrity Impact (I) complete
Availability Impact (A) complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.86435
EPSS Score 0.0789
Published At March 29, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.