CVE-2007-3387

CVSS V2: Medium 6.8 | CVSS V3: None
Description
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
Overview
  • CVE ID: CVE-2007-3387
  • Assigner: secalert@redhat.com
  • Vulnerability Status: Modified
  • Published Version: 2007-07-30T23:17:00
  • Last Modified Date: 2023-02-13T02:17:59
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:* | 1 | OR | | 1.3.11 |
| cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:* | 1 | OR | | 0.5.91 |
| cpe:2.3:a:gpdf_project:gpdf:*:*:*:*:*:*:*:* | 1 | OR | | 2.8.2 |
| cpe:2.3:a:xpdfreader:xpdf:3.02:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:* | 1 | OR | | |
| cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:* | 1 | OR | | |
CVSS Version 2
  • Version: 2.0
  • Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:P
  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
  • Base Score: 6.8
  • Severity: MEDIUM
  • Exploitability Score: 8.6
  • Impact Score: 6.4
References
Reference URL Reference Tags
http://www.redhat.com/support/errata/RHSA-2007-0730.html Third Party Advisory
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194 Issue Tracking Third Party Advisory
http://bugs.gentoo.org/show_bug.cgi?id=187139 Issue Tracking Third Party Advisory
http://www.kde.org/info/security/advisory-20070730-1.txt Third Party Advisory
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch Broken Link
https://issues.rpath.com/browse/RPL-1596 Broken Link
https://issues.foresightlinux.org/browse/FL-471 Broken Link
https://issues.rpath.com/browse/RPL-1604 Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm Third Party Advisory
http://sourceforge.net/project/shownotes.php?release_id=535497 Broken Link
http://www.debian.org/security/2007/dsa-1347 Third Party Advisory
http://www.debian.org/security/2007/dsa-1348 Third Party Advisory
http://www.debian.org/security/2007/dsa-1349 Third Party Advisory
http://www.debian.org/security/2007/dsa-1350 Third Party Advisory
http://www.debian.org/security/2007/dsa-1352 Third Party Advisory
http://www.debian.org/security/2007/dsa-1355 Third Party Advisory
http://www.debian.org/security/2007/dsa-1354 Third Party Advisory
http://www.debian.org/security/2007/dsa-1357 Third Party Advisory
http://security.gentoo.org/glsa/glsa-200709-12.xml Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml Third Party Advisory
http://security.gentoo.org/glsa/glsa-200710-20.xml Third Party Advisory
http://security.gentoo.org/glsa/glsa-200709-17.xml Third Party Advisory
http://security.gentoo.org/glsa/glsa-200711-34.xml Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:162 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:158 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:159 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:160 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:161 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:163 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:164 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:165 Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0720.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0729.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0732.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0735.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0731.html Third Party Advisory
ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc Broken Link
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670 Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882 Third Party Advisory
http://www.novell.com/linux/security/advisories/2007_15_sr.html Broken Link
http://www.novell.com/linux/security/advisories/2007_16_sr.html Broken Link
http://www.ubuntu.com/usn/usn-496-1 Third Party Advisory
http://www.ubuntu.com/usn/usn-496-2 Third Party Advisory
http://www.securityfocus.com/bid/25124 Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1018473 Third Party Advisory VDB Entry
http://secunia.com/advisories/26188 Third Party Advisory
http://secunia.com/advisories/26254 Third Party Advisory
http://secunia.com/advisories/26255 Third Party Advisory
http://secunia.com/advisories/26257 Third Party Advisory
http://secunia.com/advisories/26278 Third Party Advisory
http://secunia.com/advisories/26281 Third Party Advisory
http://secunia.com/advisories/26283 Third Party Advisory
http://secunia.com/advisories/26251 Third Party Advisory
http://secunia.com/advisories/26293 Third Party Advisory
http://secunia.com/advisories/26292 Third Party Advisory
http://secunia.com/advisories/26307 Third Party Advisory
http://secunia.com/advisories/26318 Third Party Advisory
http://secunia.com/advisories/26342 Third Party Advisory
http://secunia.com/advisories/26297 Third Party Advisory
http://secunia.com/advisories/26343 Third Party Advisory
http://secunia.com/advisories/26358 Third Party Advisory
http://secunia.com/advisories/26325 Third Party Advisory
http://secunia.com/advisories/26365 Third Party Advisory
http://secunia.com/advisories/26370 Third Party Advisory
http://secunia.com/advisories/26413 Third Party Advisory
http://secunia.com/advisories/26410 Third Party Advisory
http://secunia.com/advisories/26403 Third Party Advisory
http://secunia.com/advisories/26405 Third Party Advisory
http://secunia.com/advisories/26407 Third Party Advisory
http://secunia.com/advisories/26432 Third Party Advisory
http://secunia.com/advisories/26436 Third Party Advisory
http://secunia.com/advisories/26467 Third Party Advisory
http://secunia.com/advisories/26468 Third Party Advisory
http://secunia.com/advisories/26470 Third Party Advisory
http://secunia.com/advisories/26425 Third Party Advisory
http://secunia.com/advisories/26395 Third Party Advisory
http://secunia.com/advisories/26514 Third Party Advisory
http://secunia.com/advisories/26607 Third Party Advisory
http://secunia.com/advisories/26862 Third Party Advisory
http://secunia.com/advisories/27156 Third Party Advisory
http://secunia.com/advisories/27281 Third Party Advisory
http://secunia.com/advisories/27308 Third Party Advisory
http://secunia.com/advisories/27637 Third Party Advisory
http://secunia.com/advisories/26627 Third Party Advisory
http://secunia.com/advisories/26982 Third Party Advisory
http://security.gentoo.org/glsa/glsa-200805-13.xml Third Party Advisory
http://secunia.com/advisories/30168 Third Party Advisory
http://osvdb.org/40127 Broken Link
http://www.vupen.com/english/advisories/2007/2704 Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2007/2705 Permissions Required Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149 Third Party Advisory
http://www.securityfocus.com/archive/1/476765/30/5340/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/476519/30/5400/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/476508/100/0/threaded Third Party Advisory VDB Entry
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 07:29:32 | | | | Added to TrackCVE |
| 2023-02-02 17:01:49 | | 2023-02-02T16:15:14 | CVE Modified Date | updated |
| 2023-02-02 17:01:49 | Analyzed | Modified | Vulnerability Status | updated |
| 2023-02-02 17:01:49 | Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. | CVE-2007-3387 xpdf integer overflow | Description | updated |
| 2023-02-13 03:02:07 | | 2023-02-13T02:17:59 | CVE Modified Date | updated |
| 2023-02-13 03:02:07 | CVE-2007-3387 xpdf integer overflow | Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. | Description | updated |