CVE - CVE-2007-3387

CVE-ID
CVE-2007-3387	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20070814 FLEA-2007-0044-1 tetex tetex-dvips tetex-fonts URL:http://www.securityfocus.com/archive/1/archive/1/476508/100/0/threaded BUGTRAQ:20070814 FLEA-2007-0045-1 poppler URL:http://www.securityfocus.com/archive/1/archive/1/476519/30/5400/threaded BUGTRAQ:20070816 FLEA-2007-0046-1 cups URL:http://www.securityfocus.com/archive/1/archive/1/476765/30/5340/threaded MISC:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194 MISC:http://bugs.gentoo.org/show_bug.cgi?id=187139 CONFIRM:http://www.kde.org/info/security/advisory-20070730-1.txt CONFIRM:ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch CONFIRM:https://issues.rpath.com/browse/RPL-1596 CONFIRM:https://issues.foresightlinux.org/browse/FL-471 CONFIRM:https://issues.rpath.com/browse/RPL-1604 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=535497 DEBIAN:DSA-1347 URL:http://www.debian.org/security/2007/dsa-1347 DEBIAN:DSA-1348 URL:http://www.debian.org/security/2007/dsa-1348 DEBIAN:DSA-1349 URL:http://www.debian.org/security/2007/dsa-1349 DEBIAN:DSA-1350 URL:http://www.debian.org/security/2007/dsa-1350 DEBIAN:DSA-1352 URL:http://www.debian.org/security/2007/dsa-1352 DEBIAN:DSA-1355 URL:http://www.debian.org/security/2007/dsa-1355 DEBIAN:DSA-1354 URL:http://www.debian.org/security/2007/dsa-1354 DEBIAN:DSA-1357 URL:http://www.debian.org/security/2007/dsa-1357 GENTOO:GLSA-200709-12 URL:http://security.gentoo.org/glsa/glsa-200709-12.xml GENTOO:GLSA-200710-08 URL:http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml GENTOO:GLSA-200710-20 URL:http://security.gentoo.org/glsa/glsa-200710-20.xml GENTOO:GLSA-200709-17 URL:http://security.gentoo.org/glsa/glsa-200709-17.xml GENTOO:GLSA-200711-34 URL:http://security.gentoo.org/glsa/glsa-200711-34.xml GENTOO:GLSA-200805-13 URL:http://security.gentoo.org/glsa/glsa-200805-13.xml MANDRIVA:MDKSA-2007:162 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:162 MANDRIVA:MDKSA-2007:158 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:158 MANDRIVA:MDKSA-2007:159 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:159 MANDRIVA:MDKSA-2007:160 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:160 MANDRIVA:MDKSA-2007:161 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:161 MANDRIVA:MDKSA-2007:163 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:163 MANDRIVA:MDKSA-2007:164 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:164 MANDRIVA:MDKSA-2007:165 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:165 REDHAT:RHSA-2007:0730 URL:http://www.redhat.com/support/errata/RHSA-2007-0730.html REDHAT:RHSA-2007:0720 URL:http://www.redhat.com/support/errata/RHSA-2007-0720.html REDHAT:RHSA-2007:0729 URL:http://www.redhat.com/support/errata/RHSA-2007-0729.html REDHAT:RHSA-2007:0732 URL:http://www.redhat.com/support/errata/RHSA-2007-0732.html REDHAT:RHSA-2007:0735 URL:http://www.redhat.com/support/errata/RHSA-2007-0735.html REDHAT:RHSA-2007:0731 URL:http://www.redhat.com/support/errata/RHSA-2007-0731.html SGI:20070801-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc SLACKWARE:SSA:2007-222-05 URL:http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670 SLACKWARE:SSA:2007-316-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882 SUSE:SUSE-SR:2007:015 URL:http://www.novell.com/linux/security/advisories/2007_15_sr.html SUSE:SUSE-SR:2007:016 URL:http://www.novell.com/linux/security/advisories/2007_16_sr.html UBUNTU:USN-496-1 URL:http://www.ubuntu.com/usn/usn-496-1 UBUNTU:USN-496-2 URL:http://www.ubuntu.com/usn/usn-496-2 BID:25124 URL:http://www.securityfocus.com/bid/25124 OVAL:oval:org.mitre.oval:def:11149 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149 VUPEN:ADV-2007-2704 URL:http://www.vupen.com/english/advisories/2007/2704 VUPEN:ADV-2007-2705 URL:http://www.vupen.com/english/advisories/2007/2705 OSVDB:40127 URL:http://osvdb.org/40127 SECTRACK:1018473 URL:http://www.securitytracker.com/id?1018473 SECUNIA:26188 URL:http://secunia.com/advisories/26188 SECUNIA:26254 URL:http://secunia.com/advisories/26254 SECUNIA:26255 URL:http://secunia.com/advisories/26255 SECUNIA:26257 URL:http://secunia.com/advisories/26257 SECUNIA:26278 URL:http://secunia.com/advisories/26278 SECUNIA:26281 URL:http://secunia.com/advisories/26281 SECUNIA:26283 URL:http://secunia.com/advisories/26283 SECUNIA:26251 URL:http://secunia.com/advisories/26251 SECUNIA:26293 URL:http://secunia.com/advisories/26293 SECUNIA:26292 URL:http://secunia.com/advisories/26292 SECUNIA:26307 URL:http://secunia.com/advisories/26307 SECUNIA:26318 URL:http://secunia.com/advisories/26318 SECUNIA:26342 URL:http://secunia.com/advisories/26342 SECUNIA:26297 URL:http://secunia.com/advisories/26297 SECUNIA:26343 URL:http://secunia.com/advisories/26343 SECUNIA:26358 URL:http://secunia.com/advisories/26358 SECUNIA:26325 URL:http://secunia.com/advisories/26325 SECUNIA:26365 URL:http://secunia.com/advisories/26365 SECUNIA:26370 URL:http://secunia.com/advisories/26370 SECUNIA:26413 URL:http://secunia.com/advisories/26413 SECUNIA:26410 URL:http://secunia.com/advisories/26410 SECUNIA:26403 URL:http://secunia.com/advisories/26403 SECUNIA:26405 URL:http://secunia.com/advisories/26405 SECUNIA:26407 URL:http://secunia.com/advisories/26407 SECUNIA:26432 URL:http://secunia.com/advisories/26432 SECUNIA:26436 URL:http://secunia.com/advisories/26436 SECUNIA:26467 URL:http://secunia.com/advisories/26467 SECUNIA:26468 URL:http://secunia.com/advisories/26468 SECUNIA:26470 URL:http://secunia.com/advisories/26470 SECUNIA:26425 URL:http://secunia.com/advisories/26425 SECUNIA:26395 URL:http://secunia.com/advisories/26395 SECUNIA:26514 URL:http://secunia.com/advisories/26514 SECUNIA:26607 URL:http://secunia.com/advisories/26607 SECUNIA:26862 URL:http://secunia.com/advisories/26862 SECUNIA:27156 URL:http://secunia.com/advisories/27156 SECUNIA:27281 URL:http://secunia.com/advisories/27281 SECUNIA:27308 URL:http://secunia.com/advisories/27308 SECUNIA:27637 URL:http://secunia.com/advisories/27637 SECUNIA:26627 URL:http://secunia.com/advisories/26627 SECUNIA:26982 URL:http://secunia.com/advisories/26982 SECUNIA:30168 URL:http://secunia.com/advisories/30168
Assigning CNA
N/A
Date Entry Created
20070625	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070625)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org