CVE-2007-3387

{"id": "CVE-2007-3387", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-07-30T23:17:00.000", "references": [{"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://bugs.gentoo.org/show_bug.cgi?id=187139", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248194", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://osvdb.org/40127", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26188", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26251", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26254", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26255", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26257", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26278", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26281", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26283", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26292", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26293", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26297", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26307", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26318", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26325", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26342", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26343", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26358", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26365", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26370", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26395", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26403", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26405", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26407", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26410", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26413", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26425", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26432", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26436", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26467", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26468", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26470", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26514", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26607", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26627", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26862", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26982", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/27156", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/27281", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/27308", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/27637", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/30168", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://security.gentoo.org/glsa/glsa-200709-12.xml", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://security.gentoo.org/glsa/glsa-200709-17.xml", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://security.gentoo.org/glsa/glsa-200710-20.xml", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://security.gentoo.org/glsa/glsa-200711-34.xml", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://security.gentoo.org/glsa/glsa-200805-13.xml", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.761882", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://sourceforge.net/project/shownotes.php?release_id=535497", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2007-401.htm", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2007/dsa-1347", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2007/dsa-1348", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2007/dsa-1349", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2007/dsa-1350", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2007/dsa-1352", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2007/dsa-1354", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2007/dsa-1355", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2007/dsa-1357", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200710-08.xml", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.kde.org/info/security/advisory-20070730-1.txt", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:158", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:159", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:160", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:161", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:162", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:163", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:164", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:165", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.novell.com/linux/security/advisories/2007_16_sr.html", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0720.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0729.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0730.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0731.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0732.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0735.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/476508/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/476519/30/5400/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/archive/1/476765/30/5340/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/25124", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id?1018473", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.423670", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/usn-496-1", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/usn-496-2", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2007/2704", "tags": ["Permissions Required", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2007/2705", "tags": ["Permissions Required", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://issues.foresightlinux.org/browse/FL-471", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "https://issues.rpath.com/browse/RPL-1596", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "https://issues.rpath.com/browse/RPL-1604", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11149", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function."}, {"lang": "es", "value": "Un desbordamiento de enteros en la funci\u00f3n StreamPredictor::StreamPredictor en xpdf versi\u00f3n 3.02, tal como es usado en (1) poppler anterior a versi\u00f3n 0.5.91, (2) gpdf anterior a versi\u00f3n 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, ( 6) PDFedit, y otros productos, podr\u00edan permitir que los atacantes remotos ejecuten c\u00f3digo arbitrario por medio de un archivo PDF creado que causa un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria, en la funci\u00f3n StreamPredictor::getNextLine."}], "lastModified": "2023-02-13T02:17:59.997", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08916364-08F4-4416-B84E-2BDD2DC0A3EB", "versionEndIncluding": "1.3.11"}, {"criteria": "cpe:2.3:a:freedesktop:poppler:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B64EB12-180D-4943-93C5-D99E05DE8422", "versionEndExcluding": "0.5.91"}, {"criteria": "cpe:2.3:a:gpdf_project:gpdf:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED4AA11D-1589-49C3-AF7F-89C25F5E017B", "versionEndExcluding": "2.8.2"}, {"criteria": "cpe:2.3:a:xpdfreader:xpdf:3.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14CC22C3-4195-4207-AAA4-E72F22334517"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873"}, {"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}