Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2007-3387

Published: 30/07/2007 Updated: 13/02/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Xpdf

Vulnerability Summary

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler prior to 0.5.91, (2) gpdf prior to 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote malicious users to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

xpdfreader xpdf 3.02

apple cups

freedesktop poppler

gpdf project gpdf

debian debian linux 3.1

debian debian linux 4.0

canonical ubuntu linux 7.04

canonical ubuntu linux 6.10

canonical ubuntu linux 6.06

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2007-3387: Integer overflow in poppler
Debian Bug report logs - #435460 CVE-2007-3387: Integer overflow in poppler Package: libpoppler1; Maintainer for libpoppler1 is (unknown); Reported by: Stefan Fritsch <sf@sfritschde> Date: Tue, 31 Jul 2007 21:27:01 UTC Severity: grave Tags: patch, security Found in version poppler/054-6 Fixed in version poppler/054-6 ...
Ubuntu Security Notice: poppler vulnerability
USN-496-1 fixed a vulnerability in koffice This update provides the corresponding updates for poppler, the library used for PDF handling in Gnome ...
Ubuntu Security Notice: koffice vulnerability
Derek Noonburg discovered an integer overflow in the Xpdf function StreamPredictor::StreamPredictor() By importing a specially crafted PDF file into KWord, this could be exploited to run arbitrary code with the user’s privileges ...
Debian Security Advisories: DSA-1352-1 pdfkit.framework -- integer overflow
It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened pdfkitframework includes a copy of the xpdf code and required an update as well For the oldstable distribution (sarge) this problem has been fixed in version 08-2sarge4 The package from the stable dist ...
Debian Security Advisories: DSA-1349-1 libextractor -- integer overflow
It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened libextractor includes a copy of the xpdf code and required an update as well For the oldstable distribution (sarge) this problem has been fixed in version 042-2sarge6 The stable distribution (etch) isn ...
Debian Security Advisories: DSA-1347-1 xpdf -- integer overflow
It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened For the oldstable distribution (sarge) this problem has been fixed in version 300-137 For the stable distribution (etch) this problem has been fixed in version 301-9etch1 For the unstable distribution ...
Debian Security Advisories: DSA-1357-1 koffice -- integer overflow
It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened koffice includes a copy of the xpdf code and required an update as well The oldstable distribution (sarge) will be fixed later For the stable distribution (etch) this problem has been fixed in version 1 ...
Debian Security Advisories: DSA-1348-1 poppler -- integer overflow
It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened poppler includes a copy of the xpdf code and required an update as well The oldstable distribution (sarge) doesn't include poppler For the stable distribution (etch) this problem has been fixed in versio ...
Debian Security Advisories: DSA-1350-1 tetex-bin -- integer overflow
It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened tetex-bin includes a copy of the xpdf code and required an update as well For the oldstable distribution (sarge) this problem has been fixed in version 202-30sarge5 The package from the stable distribu ...
Debian Security Advisories: DSA-1354-1 gpdf -- integer overflow
It was discovered that an integer overflow in xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened gpdf includes a copy of the xpdf code and requires an update as well For the oldstable distribution (sarge) this problem has been fixed in version 282-12sarge6 The stable distribution (etch) no longer con ...

References

CWE-190http://www.redhat.com/support/errata/RHSA-2007-0730.htmlhttp://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194http://bugs.gentoo.org/show_bug.cgi?id=187139http://www.kde.org/info/security/advisory-20070730-1.txtftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patchhttps://issues.rpath.com/browse/RPL-1596https://issues.foresightlinux.org/browse/FL-471https://issues.rpath.com/browse/RPL-1604http://support.avaya.com/elmodocs2/security/ASA-2007-401.htmhttp://sourceforge.net/project/shownotes.php?release_id=535497http://www.debian.org/security/2007/dsa-1347http://www.debian.org/security/2007/dsa-1348http://www.debian.org/security/2007/dsa-1349http://www.debian.org/security/2007/dsa-1350http://www.debian.org/security/2007/dsa-1352http://www.debian.org/security/2007/dsa-1355http://www.debian.org/security/2007/dsa-1354http://www.debian.org/security/2007/dsa-1357http://security.gentoo.org/glsa/glsa-200709-12.xmlhttp://www.gentoo.org/security/en/glsa/glsa-200710-08.xmlhttp://security.gentoo.org/glsa/glsa-200710-20.xmlhttp://security.gentoo.org/glsa/glsa-200709-17.xmlhttp://security.gentoo.org/glsa/glsa-200711-34.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:162http://www.mandriva.com/security/advisories?name=MDKSA-2007:158http://www.mandriva.com/security/advisories?name=MDKSA-2007:159http://www.mandriva.com/security/advisories?name=MDKSA-2007:160http://www.mandriva.com/security/advisories?name=MDKSA-2007:161http://www.mandriva.com/security/advisories?name=MDKSA-2007:163http://www.mandriva.com/security/advisories?name=MDKSA-2007:164http://www.mandriva.com/security/advisories?name=MDKSA-2007:165http://www.redhat.com/support/errata/RHSA-2007-0720.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0729.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0732.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0735.htmlhttp://www.redhat.com/support/errata/RHSA-2007-0731.htmlftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.aschttp://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882http://www.novell.com/linux/security/advisories/2007_15_sr.htmlhttp://www.novell.com/linux/security/advisories/2007_16_sr.htmlhttp://www.ubuntu.com/usn/usn-496-1http://www.ubuntu.com/usn/usn-496-2http://www.securityfocus.com/bid/25124http://www.securitytracker.com/id?1018473http://secunia.com/advisories/26188http://secunia.com/advisories/26254http://secunia.com/advisories/26255http://secunia.com/advisories/26257http://secunia.com/advisories/26278http://secunia.com/advisories/26281http://secunia.com/advisories/26283http://secunia.com/advisories/26251http://secunia.com/advisories/26293http://secunia.com/advisories/26292http://secunia.com/advisories/26307http://secunia.com/advisories/26318http://secunia.com/advisories/26342http://secunia.com/advisories/26297http://secunia.com/advisories/26343http://secunia.com/advisories/26358http://secunia.com/advisories/26325http://secunia.com/advisories/26365http://secunia.com/advisories/26370http://secunia.com/advisories/26413http://secunia.com/advisories/26410http://secunia.com/advisories/26403http://secunia.com/advisories/26405http://secunia.com/advisories/26407http://secunia.com/advisories/26432http://secunia.com/advisories/26436http://secunia.com/advisories/26467http://secunia.com/advisories/26468http://secunia.com/advisories/26470http://secunia.com/advisories/26425http://secunia.com/advisories/26395http://secunia.com/advisories/26514http://secunia.com/advisories/26607http://secunia.com/advisories/26862http://secunia.com/advisories/27156http://secunia.com/advisories/27281http://secunia.com/advisories/27308http://secunia.com/advisories/27637http://secunia.com/advisories/26627http://secunia.com/advisories/26982http://security.gentoo.org/glsa/glsa-200805-13.xmlhttp://secunia.com/advisories/30168http://osvdb.org/40127http://www.vupen.com/english/advisories/2007/2704http://www.vupen.com/english/advisories/2007/2705https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149http://www.securityfocus.com/archive/1/476765/30/5340/threadedhttp://www.securityfocus.com/archive/1/476519/30/5400/threadedhttp://www.securityfocus.com/archive/1/476508/100/0/threadedhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=435460https://usn.ubuntu.com/496-2/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook