Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-3387

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

Published

2007-07-30T23:17:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apple	cups	≤ 1.3.11	Yes
Application	freedesktop	poppler	< 0.5.91	Yes
Application	gpdf_project	gpdf	< 2.8.2	Yes
Application	xpdfreader	xpdf	3.02	Yes
Operating System	debian	debian_linux	3.1	Yes
Operating System	debian	debian_linux	4.0	Yes
Operating System	canonical	ubuntu_linux	6.06	Yes
Operating System	canonical	ubuntu_linux	6.10	Yes
Operating System	canonical	ubuntu_linux	7.04	Yes

References

ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch Broken Link ([email protected])
ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc Broken Link ([email protected])
http://bugs.gentoo.org/show_bug.cgi?id=187139 Issue Tracking, Third Party Advisory ([email protected])
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194 Issue Tracking, Third Party Advisory ([email protected])
http://osvdb.org/40127 Broken Link ([email protected])
http://secunia.com/advisories/26188 Third Party Advisory ([email protected])
http://secunia.com/advisories/26251 Third Party Advisory ([email protected])
http://secunia.com/advisories/26254 Third Party Advisory ([email protected])
http://secunia.com/advisories/26255 Third Party Advisory ([email protected])
http://secunia.com/advisories/26257 Third Party Advisory ([email protected])
http://secunia.com/advisories/26278 Third Party Advisory ([email protected])
http://secunia.com/advisories/26281 Third Party Advisory ([email protected])
http://secunia.com/advisories/26283 Third Party Advisory ([email protected])
http://secunia.com/advisories/26292 Third Party Advisory ([email protected])
http://secunia.com/advisories/26293 Third Party Advisory ([email protected])
http://secunia.com/advisories/26297 Third Party Advisory ([email protected])
http://secunia.com/advisories/26307 Third Party Advisory ([email protected])
http://secunia.com/advisories/26318 Third Party Advisory ([email protected])
http://secunia.com/advisories/26325 Third Party Advisory ([email protected])
http://secunia.com/advisories/26342 Third Party Advisory ([email protected])
http://secunia.com/advisories/26343 Third Party Advisory ([email protected])
http://secunia.com/advisories/26358 Third Party Advisory ([email protected])
http://secunia.com/advisories/26365 Third Party Advisory ([email protected])
http://secunia.com/advisories/26370 Third Party Advisory ([email protected])
http://secunia.com/advisories/26395 Third Party Advisory ([email protected])
http://secunia.com/advisories/26403 Third Party Advisory ([email protected])
http://secunia.com/advisories/26405 Third Party Advisory ([email protected])
http://secunia.com/advisories/26407 Third Party Advisory ([email protected])
http://secunia.com/advisories/26410 Third Party Advisory ([email protected])
http://secunia.com/advisories/26413 Third Party Advisory ([email protected])
http://secunia.com/advisories/26425 Third Party Advisory ([email protected])
http://secunia.com/advisories/26432 Third Party Advisory ([email protected])
http://secunia.com/advisories/26436 Third Party Advisory ([email protected])
http://secunia.com/advisories/26467 Third Party Advisory ([email protected])
http://secunia.com/advisories/26468 Third Party Advisory ([email protected])
http://secunia.com/advisories/26470 Third Party Advisory ([email protected])
http://secunia.com/advisories/26514 Third Party Advisory ([email protected])
http://secunia.com/advisories/26607 Third Party Advisory ([email protected])
http://secunia.com/advisories/26627 Third Party Advisory ([email protected])
http://secunia.com/advisories/26862 Third Party Advisory ([email protected])
http://secunia.com/advisories/26982 Third Party Advisory ([email protected])
http://secunia.com/advisories/27156 Third Party Advisory ([email protected])
http://secunia.com/advisories/27281 Third Party Advisory ([email protected])
http://secunia.com/advisories/27308 Third Party Advisory ([email protected])
http://secunia.com/advisories/27637 Third Party Advisory ([email protected])
http://secunia.com/advisories/30168 Third Party Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-200709-12.xml Third Party Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-200709-17.xml Third Party Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-200710-20.xml Third Party Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-200711-34.xml Third Party Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-200805-13.xml Third Party Advisory ([email protected])
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882 Third Party Advisory ([email protected])
http://sourceforge.net/project/shownotes.php?release_id=535497 Broken Link ([email protected])
http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm Third Party Advisory ([email protected])
http://www.debian.org/security/2007/dsa-1347 Third Party Advisory ([email protected])
http://www.debian.org/security/2007/dsa-1348 Third Party Advisory ([email protected])
http://www.debian.org/security/2007/dsa-1349 Third Party Advisory ([email protected])
http://www.debian.org/security/2007/dsa-1350 Third Party Advisory ([email protected])
http://www.debian.org/security/2007/dsa-1352 Third Party Advisory ([email protected])
http://www.debian.org/security/2007/dsa-1354 Third Party Advisory ([email protected])
http://www.debian.org/security/2007/dsa-1355 Third Party Advisory ([email protected])
http://www.debian.org/security/2007/dsa-1357 Third Party Advisory ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml Third Party Advisory ([email protected])
http://www.kde.org/info/security/advisory-20070730-1.txt Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2007:158 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2007:159 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2007:160 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2007:161 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2007:162 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2007:163 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2007:164 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2007:165 Third Party Advisory ([email protected])
http://www.novell.com/linux/security/advisories/2007_15_sr.html Broken Link ([email protected])
http://www.novell.com/linux/security/advisories/2007_16_sr.html Broken Link ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0720.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0729.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0730.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0731.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0732.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-0735.html Third Party Advisory ([email protected])
http://www.securityfocus.com/archive/1/476508/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/archive/1/476519/30/5400/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/archive/1/476765/30/5340/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/25124 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1018473 Third Party Advisory, VDB Entry ([email protected])
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670 Third Party Advisory ([email protected])
http://www.ubuntu.com/usn/usn-496-1 Third Party Advisory ([email protected])
http://www.ubuntu.com/usn/usn-496-2 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2007/2704 Permissions Required, Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2007/2705 Permissions Required, Third Party Advisory ([email protected])
https://issues.foresightlinux.org/browse/FL-471 Broken Link ([email protected])
https://issues.rpath.com/browse/RPL-1596 Broken Link ([email protected])
https://issues.rpath.com/browse/RPL-1604 Broken Link ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149 Third Party Advisory ([email protected])
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch Broken Link (af854a3a-2127-422b-91ae-364da2661108)
ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://bugs.gentoo.org/show_bug.cgi?id=187139 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/40127 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26188 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26251 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26254 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26255 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26257 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26278 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26281 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26283 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26292 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26293 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26297 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26307 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26318 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26325 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26342 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26343 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26358 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26365 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26370 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26395 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26403 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26405 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26407 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26410 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26413 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26425 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26432 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26436 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26467 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26468 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26470 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26514 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26607 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26627 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26862 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26982 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27156 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27281 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27308 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27637 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30168 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200709-12.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200709-17.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200710-20.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200711-34.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200805-13.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://sourceforge.net/project/shownotes.php?release_id=535497 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2007/dsa-1347 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2007/dsa-1348 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2007/dsa-1349 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2007/dsa-1350 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2007/dsa-1352 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2007/dsa-1354 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2007/dsa-1355 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2007/dsa-1357 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.kde.org/info/security/advisory-20070730-1.txt Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:158 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:159 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:160 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:161 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:162 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:163 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:164 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:165 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2007_15_sr.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2007_16_sr.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0720.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0729.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0730.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0731.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0732.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-0735.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/476508/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/476519/30/5400/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/476765/30/5340/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/25124 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1018473 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-496-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-496-2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/2704 Permissions Required, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/2705 Permissions Required, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://issues.foresightlinux.org/browse/FL-471 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-1596 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-1604 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)