CVE-2007-3387

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
References
Link Resource
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch Broken Link
ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc Broken Link
http://bugs.gentoo.org/show_bug.cgi?id=187139 Issue Tracking Third Party Advisory
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194 Issue Tracking Third Party Advisory
http://osvdb.org/40127 Broken Link
http://secunia.com/advisories/26188 Third Party Advisory
http://secunia.com/advisories/26251 Third Party Advisory
http://secunia.com/advisories/26254 Third Party Advisory
http://secunia.com/advisories/26255 Third Party Advisory
http://secunia.com/advisories/26257 Third Party Advisory
http://secunia.com/advisories/26278 Third Party Advisory
http://secunia.com/advisories/26281 Third Party Advisory
http://secunia.com/advisories/26283 Third Party Advisory
http://secunia.com/advisories/26292 Third Party Advisory
http://secunia.com/advisories/26293 Third Party Advisory
http://secunia.com/advisories/26297 Third Party Advisory
http://secunia.com/advisories/26307 Third Party Advisory
http://secunia.com/advisories/26318 Third Party Advisory
http://secunia.com/advisories/26325 Third Party Advisory
http://secunia.com/advisories/26342 Third Party Advisory
http://secunia.com/advisories/26343 Third Party Advisory
http://secunia.com/advisories/26358 Third Party Advisory
http://secunia.com/advisories/26365 Third Party Advisory
http://secunia.com/advisories/26370 Third Party Advisory
http://secunia.com/advisories/26395 Third Party Advisory
http://secunia.com/advisories/26403 Third Party Advisory
http://secunia.com/advisories/26405 Third Party Advisory
http://secunia.com/advisories/26407 Third Party Advisory
http://secunia.com/advisories/26410 Third Party Advisory
http://secunia.com/advisories/26413 Third Party Advisory
http://secunia.com/advisories/26425 Third Party Advisory
http://secunia.com/advisories/26432 Third Party Advisory
http://secunia.com/advisories/26436 Third Party Advisory
http://secunia.com/advisories/26467 Third Party Advisory
http://secunia.com/advisories/26468 Third Party Advisory
http://secunia.com/advisories/26470 Third Party Advisory
http://secunia.com/advisories/26514 Third Party Advisory
http://secunia.com/advisories/26607 Third Party Advisory
http://secunia.com/advisories/26627 Third Party Advisory
http://secunia.com/advisories/26862 Third Party Advisory
http://secunia.com/advisories/26982 Third Party Advisory
http://secunia.com/advisories/27156 Third Party Advisory
http://secunia.com/advisories/27281 Third Party Advisory
http://secunia.com/advisories/27308 Third Party Advisory
http://secunia.com/advisories/27637 Third Party Advisory
http://secunia.com/advisories/30168 Third Party Advisory
http://security.gentoo.org/glsa/glsa-200709-12.xml Third Party Advisory
http://security.gentoo.org/glsa/glsa-200709-17.xml Third Party Advisory
http://security.gentoo.org/glsa/glsa-200710-20.xml Third Party Advisory
http://security.gentoo.org/glsa/glsa-200711-34.xml Third Party Advisory
http://security.gentoo.org/glsa/glsa-200805-13.xml Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882 Third Party Advisory
http://sourceforge.net/project/shownotes.php?release_id=535497 Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm Third Party Advisory
http://www.debian.org/security/2007/dsa-1347 Third Party Advisory
http://www.debian.org/security/2007/dsa-1348 Third Party Advisory
http://www.debian.org/security/2007/dsa-1349 Third Party Advisory
http://www.debian.org/security/2007/dsa-1350 Third Party Advisory
http://www.debian.org/security/2007/dsa-1352 Third Party Advisory
http://www.debian.org/security/2007/dsa-1354 Third Party Advisory
http://www.debian.org/security/2007/dsa-1355 Third Party Advisory
http://www.debian.org/security/2007/dsa-1357 Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml Third Party Advisory
http://www.kde.org/info/security/advisory-20070730-1.txt Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:158 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:159 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:160 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:161 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:162 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:163 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:164 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:165 Third Party Advisory
http://www.novell.com/linux/security/advisories/2007_15_sr.html Broken Link
http://www.novell.com/linux/security/advisories/2007_16_sr.html Broken Link
http://www.redhat.com/support/errata/RHSA-2007-0720.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0729.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0730.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0731.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0732.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0735.html Third Party Advisory
http://www.securityfocus.com/archive/1/476508/100/0/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/476519/30/5400/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/476765/30/5340/threaded Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/25124 Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1018473 Third Party Advisory VDB Entry
http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670 Third Party Advisory
http://www.ubuntu.com/usn/usn-496-1 Third Party Advisory
http://www.ubuntu.com/usn/usn-496-2 Third Party Advisory
http://www.vupen.com/english/advisories/2007/2704 Permissions Required Third Party Advisory
http://www.vupen.com/english/advisories/2007/2705 Permissions Required Third Party Advisory
https://issues.foresightlinux.org/browse/FL-471 Broken Link
https://issues.rpath.com/browse/RPL-1596 Broken Link
https://issues.rpath.com/browse/RPL-1604 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*
cpe:2.3:a:gpdf_project:gpdf:*:*:*:*:*:*:*:*
cpe:2.3:a:xpdfreader:xpdf:3.02:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-07-30 23:17

Updated : 2024-02-04 17:13


NVD link : CVE-2007-3387

Mitre link : CVE-2007-3387

CVE.ORG link : CVE-2007-3387


JSON object : View

Products Affected

debian

  • debian_linux

canonical

  • ubuntu_linux

freedesktop

  • poppler

xpdfreader

  • xpdf

apple

  • cups

gpdf_project

  • gpdf
CWE
CWE-190

Integer Overflow or Wraparound