{"api_version":"1","generated_at":"2026-04-22T23:07:55+00:00","cve":"CVE-2007-0104","urls":{"html":"https://cve.report/CVE-2007-0104","api":"https://cve.report/api/cve/CVE-2007-0104.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-0104","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-0104"},"summary":{"title":"CVE-2007-0104","description":"The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2007-01-09 00:28:00","updated_at":"2018-10-16 16:31:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:020","name":"MDKSA-2007:020","refsource":"MANDRIVA","tags":[],"title":"Advisories - Mandriva Linux","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:021","name":"MDKSA-2007:021","refsource":"MANDRIVA","tags":[],"title":"Advisories - Mandriva Linux","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:022","name":"MDKSA-2007:022","refsource":"MANDRIVA","tags":[],"title":"Advisories - Mandriva Linux","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/0244","name":"ADV-2007-0244","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail - OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/23791","name":"23791","refsource":"SECUNIA","tags":[],"title":"Ubuntu update for poppler - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/23876","name":"23876","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"rPath update for poppler - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://docs.info.apple.com/article.html?artnum=305214","name":"http://docs.info.apple.com/article.html?artnum=305214","refsource":"CONFIRM","tags":[],"title":"About the security content of Mac OS X 10.4.9 and Security Update 2007-003","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.kde.org/info/security/advisory-20070115-1.txt","name":"http://www.kde.org/info/security/advisory-20070115-1.txt","refsource":"CONFIRM","tags":[],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/23844","name":"23844","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Mandriva update for poppler - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/23808","name":"23808","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Mandriva update for tetex - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://issues.rpath.com/browse/RPL-964","name":"https://issues.rpath.com/browse/RPL-964","refsource":"CONFIRM","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"404"},{"url":"http://secunia.com/advisories/24204","name":"24204","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"SUSE update for poppler - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/24479","name":"24479","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Mac OS X Security Update Fixes Multiple Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/23815","name":"23815","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Mandriva update for koffice - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.us-cert.gov/cas/techalerts/TA07-072A.html","name":"TA07-072A","refsource":"CERT","tags":["US Government Resource"],"title":"US-CERT Technical Cyber Security Alert TA07-072A -- Apple Updates for Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/21910","name":"21910","refsource":"BID","tags":["Exploit"],"title":"Multiple PDF Readers Multiple Remote Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.vupen.com/english/advisories/2007/0203","name":"ADV-2007-0203","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail - OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/0212","name":"ADV-2007-0212","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail - OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1017749","name":"1017749","refsource":"SECTRACK","tags":[],"title":"Apple Mac OS X CoreGraphics PDF File Processing Bug Lets Remote Users Deny Service - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:024","name":"MDKSA-2007:024","refsource":"MANDRIVA","tags":[],"title":"Advisories - Mandriva Linux","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/23839","name":"23839","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Mandriva update for kdegraphics - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://projects.info-pull.com/moab/MOAB-06-01-2007.html","name":"http://projects.info-pull.com/moab/MOAB-06-01-2007.html","refsource":"MISC","tags":[],"title":"MOAB-06-01-2007: Multiple Vendor PDF Document Catalog Handling Vulnerability","mime":"text/html","httpstatus":"522","archivestatus":"200"},{"url":"http://support.novell.com/techcenter/psdb/44d7cb9b669d58e0ce5aa5d7ab2c7c53.html","name":"http://support.novell.com/techcenter/psdb/44d7cb9b669d58e0ce5aa5d7ab2c7c53.html","refsource":"CONFIRM","tags":[],"title":"Security update for poppler","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/23813","name":"23813","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Poppler Invalid Tree Node Denial of Service - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/usn-410-1","name":"USN-410-1","refsource":"UBUNTU","tags":[],"title":"USN-410-1: poppler vulnerability | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/457055/100/0/threaded","name":"20070116 [KDE Security Advisory] kpdf/kword/xpdf denial of service vulnerability","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/usn-410-2","name":"USN-410-2","refsource":"UBUNTU","tags":[],"title":"USN-410-2: teTeX vulnerability | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/0930","name":"ADV-2007-0930","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail - OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1017514","name":"1017514","refsource":"SECTRACK","tags":[],"title":"SecurityTracker.com Archives - KDE kpdf Bug Lets Remote Users Deny Service","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/31364","name":"multiple-vendor-pdf-code-execution(31364)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.novell.com/linux/security/advisories/2007_3_sr.html","name":"SUSE-SR:2007:003","refsource":"SUSE","tags":[],"title":"Security Announcement","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:019","name":"MDKSA-2007:019","refsource":"MANDRIVA","tags":[],"title":"Advisories - Mandriva Linux","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/23799","name":"23799","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"KDE and KOffice PDF Invalid Tree Node Denial of Service Weakness - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:018","name":"MDKSA-2007:018","refsource":"MANDRIVA","tags":[],"title":"Advisories - Mandriva Linux","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-0104","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-0104","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"kde","cpe5":"kde","cpe6":"3.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"kde","cpe5":"kde","cpe6":"3.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"kde","cpe5":"kde","cpe6":"3.2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"kde","cpe5":"kde","cpe6":"3.2.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"kde","cpe5":"kde","cpe6":"3.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"kde","cpe5":"kde","cpe6":"3.3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"kde","cpe5":"kde","cpe6":"3.3.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"kde","cpe5":"kde","cpe6":"3.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"kde","cpe5":"kde","cpe6":"3.4.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"kde","cpe5":"kde","cpe6":"3.4.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"kde","cpe5":"kde","cpe6":"3.4.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"kde","cpe5":"kde","cpe6":"3.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"kde","cpe5":"kde","cpe6":"3.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"kde","cpe5":"kde","cpe6":"3.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"kde","cpe5":"kde","cpe6":"3.2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"kde","cpe5":"kde","cpe6":"3.2.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"kde","cpe5":"kde","cpe6":"3.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"kde","cpe5":"kde","cpe6":"3.3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"kde","cpe5":"kde","cpe6":"3.3.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"kde","cpe5":"kde","cpe6":"3.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"kde","cpe5":"kde","cpe6":"3.4.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"kde","cpe5":"kde","cpe6":"3.4.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"kde","cpe5":"kde","cpe6":"3.4.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"kde","cpe5":"kde","cpe6":"3.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"xpdf","cpe5":"xpdf","cpe6":"3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"xpdf","cpe5":"xpdf","cpe6":"3.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"xpdf","cpe5":"xpdf","cpe6":"3.0.1_pl1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"xpdf","cpe5":"xpdf","cpe6":"3.0.1_pl2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"xpdf","cpe5":"xpdf","cpe6":"3.0_pl2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"xpdf","cpe5":"xpdf","cpe6":"3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"xpdf","cpe5":"xpdf","cpe6":"3.0.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"xpdf","cpe5":"xpdf","cpe6":"3.0.1_pl1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"xpdf","cpe5":"xpdf","cpe6":"3.0.1_pl2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"104","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"xpdf","cpe5":"xpdf","cpe6":"3.0_pl2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[{"cvename":"CVE-2007-0104","organization":"Red Hat","lastmodified":"2007-01-15","contributor":"Joshua Bressers","statementText":"Not Vulnerable. This flaw is the result of an infinite recursion flaw in xpdf, which cannot result in arbitrary code execution.","cve_year":"2007","cve_id":"104","crc32":"edf5cf72"}],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-0104","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"23815","refsource":"SECUNIA","url":"http://secunia.com/advisories/23815"},{"name":"MDKSA-2007:022","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:022"},{"name":"MDKSA-2007:020","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:020"},{"name":"TA07-072A","refsource":"CERT","url":"http://www.us-cert.gov/cas/techalerts/TA07-072A.html"},{"name":"MDKSA-2007:021","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:021"},{"name":"http://www.kde.org/info/security/advisory-20070115-1.txt","refsource":"CONFIRM","url":"http://www.kde.org/info/security/advisory-20070115-1.txt"},{"name":"MDKSA-2007:019","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:019"},{"name":"23799","refsource":"SECUNIA","url":"http://secunia.com/advisories/23799"},{"name":"23839","refsource":"SECUNIA","url":"http://secunia.com/advisories/23839"},{"name":"http://docs.info.apple.com/article.html?artnum=305214","refsource":"CONFIRM","url":"http://docs.info.apple.com/article.html?artnum=305214"},{"name":"multiple-vendor-pdf-code-execution(31364)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/31364"},{"name":"USN-410-2","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/usn-410-2"},{"name":"MDKSA-2007:018","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:018"},{"name":"1017514","refsource":"SECTRACK","url":"http://securitytracker.com/id?1017514"},{"name":"23791","refsource":"SECUNIA","url":"http://secunia.com/advisories/23791"},{"name":"SUSE-SR:2007:003","refsource":"SUSE","url":"http://www.novell.com/linux/security/advisories/2007_3_sr.html"},{"name":"http://support.novell.com/techcenter/psdb/44d7cb9b669d58e0ce5aa5d7ab2c7c53.html","refsource":"CONFIRM","url":"http://support.novell.com/techcenter/psdb/44d7cb9b669d58e0ce5aa5d7ab2c7c53.html"},{"name":"21910","refsource":"BID","url":"http://www.securityfocus.com/bid/21910"},{"name":"MDKSA-2007:024","refsource":"MANDRIVA","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2007:024"},{"name":"1017749","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1017749"},{"name":"http://projects.info-pull.com/moab/MOAB-06-01-2007.html","refsource":"MISC","url":"http://projects.info-pull.com/moab/MOAB-06-01-2007.html"},{"name":"23844","refsource":"SECUNIA","url":"http://secunia.com/advisories/23844"},{"name":"USN-410-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/usn-410-1"},{"name":"ADV-2007-0203","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/0203"},{"name":"23876","refsource":"SECUNIA","url":"http://secunia.com/advisories/23876"},{"name":"20070116 [KDE Security Advisory] kpdf/kword/xpdf denial of service vulnerability","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/457055/100/0/threaded"},{"name":"ADV-2007-0244","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/0244"},{"name":"ADV-2007-0212","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/0212"},{"name":"ADV-2007-0930","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/0930"},{"name":"https://issues.rpath.com/browse/RPL-964","refsource":"CONFIRM","url":"https://issues.rpath.com/browse/RPL-964"},{"name":"23813","refsource":"SECUNIA","url":"http://secunia.com/advisories/23813"},{"name":"24204","refsource":"SECUNIA","url":"http://secunia.com/advisories/24204"},{"name":"23808","refsource":"SECUNIA","url":"http://secunia.com/advisories/23808"},{"name":"24479","refsource":"SECUNIA","url":"http://secunia.com/advisories/24479"}]}},"nvd":{"publishedDate":"2007-01-09 00:28:00","lastModifiedDate":"2018-10-16 16:31:00","problem_types":["CWE-20"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:xpdf:xpdf:3.0.1_pl1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:xpdf:xpdf:3.0.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:xpdf:xpdf:3.0.1_pl2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:xpdf:xpdf:3.0_pl2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:xpdf:xpdf:3.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:kde:kde:3.3.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:kde:kde:3.2.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:kde:kde:3.2.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:kde:kde:3.4.3:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:kde:kde:3.4:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:kde:kde:3.5:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:kde:kde:3.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:kde:kde:3.4.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:kde:kde:3.4.1:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"104","Ordinal":"22387","Title":"CVE-2007-0104","CVE":"CVE-2007-0104","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"104","Ordinal":"1","NoteData":"The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.","Type":"Description","Title":null},{"CveYear":"2007","CveId":"104","Ordinal":"2","NoteData":"2007-01-08","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"104","Ordinal":"3","NoteData":"2018-10-16","Type":"Other","Title":"Modified"}]}}}