Debian Security Advisory DSA 1349-1 (libextractor) Network Vulnerability

Summary

The remote host is missing an update to libextractor announced via advisory DSA 1349-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201349-1

Insight

It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened. libextractor includes a copy of the xpdf code and required an update as well. For the oldstable distribution (sarge) this problem has been fixed in version 0.4.2-2sarge6. The stable distribution (etch) isn't affected by this problem. The unstable distribution (sid) isn't affected by this problem. We recommend that you upgrade your libextractor packages.

Severity

Classification

CVE CVE-2007-3387
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1115-1 (gnupg2)
Debian Security Advisory DSA 1027-1 (mailman)
Debian Security Advisory DSA 041-1 (joe)
Debian Security Advisory DSA 1014-1 (firebird2)
Debian Security Advisory DSA 055-1 (gftp)

Take action and discover your vulnerabilities