The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, Β© poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
docs.info.apple.com/article.html?artnum=305214
projects.info-pull.com/moab/MOAB-06-01-2007.html
secunia.com/advisories/23791
secunia.com/advisories/23799
secunia.com/advisories/23808
secunia.com/advisories/23813
secunia.com/advisories/23815
secunia.com/advisories/23839
secunia.com/advisories/23844
secunia.com/advisories/23876
secunia.com/advisories/24204
secunia.com/advisories/24479
securitytracker.com/id?1017514
support.novell.com/techcenter/psdb/44d7cb9b669d58e0ce5aa5d7ab2c7c53.html
www.kde.org/info/security/advisory-20070115-1.txt
www.mandriva.com/security/advisories?name=MDKSA-2007:018
www.mandriva.com/security/advisories?name=MDKSA-2007:019
www.mandriva.com/security/advisories?name=MDKSA-2007:020
www.mandriva.com/security/advisories?name=MDKSA-2007:021
www.mandriva.com/security/advisories?name=MDKSA-2007:022
www.mandriva.com/security/advisories?name=MDKSA-2007:024
www.novell.com/linux/security/advisories/2007_3_sr.html
www.securityfocus.com/archive/1/457055/100/0/threaded
www.securityfocus.com/bid/21910
www.securitytracker.com/id?1017749
www.ubuntu.com/usn/usn-410-1
www.ubuntu.com/usn/usn-410-2
www.us-cert.gov/cas/techalerts/TA07-072A.html
www.vupen.com/english/advisories/2007/0203
www.vupen.com/english/advisories/2007/0212
www.vupen.com/english/advisories/2007/0244
www.vupen.com/english/advisories/2007/0930
exchange.xforce.ibmcloud.com/vulnerabilities/31364
issues.rpath.com/browse/RPL-964