Intrusion Prevention



This indicates an attempt to exploit a vulnerability that exists in xpdf, KDE and KOffice. This vulnerability is caused by an integer overflow in "StreamPredictor::StreamPredictor()". The vulnerable software fails to properly check the value of "nComps". Successful exploitation allows remote attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF file.

Affected Products

xpdf version 3.02 and prior
KDE versions 3.x
KOffice versions 1.x


System compromise: remote code execution.

Recommended Actions

Apply patch for KOffice 1.x :
Apply patch for KDE 3.x :
Apply patch for xpdf:

CVE References